App Annie misled its customers about how it got its app usage data.
The Securities and Exchange Commission (SEC) has accused the well-known American analytics company App Annie and its co-founder and former CEO Bertrand Schmitt of data fraud. As part of the dispute over “misleading and material misstatement of information about how App Annie obtained alternative data”, the company and Schmitt agreed to pay more than $10 million.
App Annie is one of the world’s largest sellers of mobile app performance data. The company sells data useful to developers, publishers, advertisers, and marketing firms, including information on app downloads, frequency of use, revenue generated, and more.
These types of data are called “alternative data” by trading companies because they are not included in financial statements or other traditional data sources, the SEC explains. App Annie promised app developers not to directly disclose their data to third parties, but instead to use it as a source of aggregated and anonymized statistics. In particular, the developers were promised that the data would be used solely for building a statistical model for the purpose of evaluating application performance.
However, according to the SEC, from late 2014 to mid-2018, App Annie used non-aggregated and non-anonymized data to modify estimates generated from a statistical model to make them more valuable to sell to trading companies. According to the SEC, the company and its ex-CEO Schmitt lied to their clients about how the data was obtained. Customers were advised that the data was obtained with the conscious consent of users and that the company has effective internal controls to prevent unauthorized use of confidential data and to ensure compliance with US federal cybersecurity laws. Trading companies made investment decisions based on this data, and App Annie even advised them on using estimates for trading prior to announcing earnings.
App Annie and Schmitt violated the anti-fraud provisions of Section 10(b) of the Exchange Act and Rule 10b-5, the SEC reported. App Annie, without admitting or denying the accusation, agreed to comply with the order to stop illegal activities and pay a fine of $10 million. At the same time, Schmitt is obliged to pay $300 thousand. companies.
Biden: the US does not want to unleash a new cold war
But cyberattacks will be answered
The United States does not seek to unleash a new Cold War and does not want to see the world split into tough blocs, said US President Joe Biden at the general political debate of the 76th session of the UN General Assembly (GA).
“We do not want a return of the Cold War or a world divided into blocs,” Biden said in his first US presidential address from the UN rostrum.
“The United States is ready to cooperate with any state that is ready to solve existing problems,” the American leader added.
Biden also noted that Washington is in favor of developing uniform rules for the safe behavior of states in cyberspace. The US is strengthening its infrastructure to better defend against foreign hackers.
Biden stressed that the country reserves the right to respond to hacker attacks in the strongest possible way because they threaten the people and interests of the United States.
Security Vision 5.0: The Swiss Knife in Information Security
In this article, we will talk about the mechanisms that underlie the Security Vision 5.0 platform and allow you to automate any formalized process in the field of IT and information security.
The comprehensively updated information security process management platform Security Vision 5.0 has recently entered the market. The changes have affected many aspects, from design and architecture to module content and the principles of working with data, while the flexibility of the platform has not only been preserved but also increased.
Object Oriented Approach
Most IRP / SOAR systems today are focused around one single object: the “incident”. Best practices recommend using CMDB for asset control, and Vulnerability Management System for vulnerability control. IDM will be responsible for accounts and GRC will be responsible for risks. Even if all these systems are in the company and each of them copes with its tasks, to obtain a comprehensive picture it will be necessary to do a lot of work: unload all the results of interest, bring them to a single data model and, based on this data, generate the necessary analytics. As a result, you never have a really up-to-date picture of what is happening – the situation can change dramatically immediately after you load the data into Excel. Needless to say
When minutes, and sometimes seconds, count, incident response specialists simply do not have time for consolidated analytics from dozens of different sources, some of which are available only by calling the “possessor of sacred knowledge”. The owner of the system left for lunch, and now Initial Access turns into Lateral Movement.
But the list of types of objects to control in information security is not at all limited to the above: certifications, software and licenses, external service providers, user awareness campaigns, hardware inventory and obsolescence, changes, projects, Shadow IT and more. All of this requires record-keeping and its own life cycle, which in turn depends on well-coordinated interaction between employees and systems. It is for this reason that there are no restrictions on the types of control objects in our product, and it has become simple and convenient to create them.
The Security Vision platform can be delivered with pre-installed modules for managing incidents, assets, vulnerabilities and risks, and for specialized conformity assessments such as CII, PCI DSS, SWIFT, etc. These modules contain all the necessary objects, directories, dashboards, workflows and reports.
But even the best analysts will not be able to think through every nuance of the customer’s infrastructure, take into account the peculiarities of the company’s internal processes, the requirements of regulators and business. For this reason, the main focus of our product is on the flexibility of any of the system elements. And this flexibility is available to the average user, without the involvement of a vendor or integrators. Without external scripts, right in the platform interface in NoCode or LowCode mode (in the case of integrations).
What does this flexibility look like in reality? Let’s consider several customization scenarios.
Undoubtedly, the constantly growing number of incidents is becoming the main driver in information security automation. The process of their processing for the analyst should be as simple and clear as possible. He does not have time to read the string of incident properties in the hope of finding meaningful information. Depending on the type of incident, the focus should be on completely different inputs. For this reason, different types of incidents in the platform have completely different views in Security Vision.
Your existing incident handling process can be modified as part of your existing incident handling policy or procedure. For example, let’s add the attribute “Closing reason” to the incident card, which will be required to be filled in only if the status is “Waiting for closing confirmation”, and the ability to edit it will be available only to a user with the role “Information security incident manager”.
The calculation of the criticality of an incident can take into account any parameters of both the event itself and the objects involved in it.
In our case, the initial criticality of the incident and the criticality of the asset are used to calculate the criticality of the incident. For each of the incident types and information enrichment tools, you can assign your own criticality parameters and significance weights. You can use qualitative metrics or link the calculation to a quantitative risk assessment built in the company.
The field reflecting the quantitative assessment of potential damage can be hidden for employees of the first lines of support, making it available only to managers.
Properties of objects are available for layout in the card relative to each other, as well as for combining into semantic blocks and tabs. The data output form allows you to replace the values with color indicators or icons for greater clarity.
One of the most interesting features of the platform interface is the ability to add graphic widgets directly to object cards. Chart the number of incidents by device or user involved in the incident, broken down by severity? See the timeline of a user’s VPN connection over the past month? No problem, adding such analytics to a specific type of incident has never been easier.
Most incident handling systems operate with tree-structured workflows. This means that our object can only move forward and never backward. However, it is often impossible to identify all involved accounts, hosts, IoCs in one pass. All stages of containment have already been carried out and it seems that the incident can be closed, but the Sandbox report reveals new objects, and the picture of the investigation completely changes. In such a situation, it is quite logical to return the incident to work.
In Security Vision, incident handling reports can be generated directly from the card. You can use ready-made report templates, such as the NKTsKI format, or customize your own within the company's existing methodology.
However, all of the above was mainly related to the interface. But the incident handling process gains real power thanks to the integration designer.
Today, a huge number of both paid and free services for enriching the available information are available to a SOC specialist. VirusTotal, ThreatCrowd, Hybrid Analysis: all these integrations are available by default in most IRP / SOAR platforms. But let’s consider a situation where we want to add a new enrichment framework or just handle a new property returned by the API of the service we are interested in. To do this, you do not need to wait for a vendor’s response or write Python scripts. In Security Vision, we literally set up a connection in a couple of iterations and get the desired value.
All that remains is to add data retrieval to the incident handling workflow, choosing whether this action will be fully automatic or require manual activation of the function by the analyst.
But integrations aren’t just about friendly external APIs. Many infrastructure components are still difficult to integrate into automated procedures. For example, a Cisco cluster in Active-Passive mode will require access to the active IP address. How does the system know about the required connection parameters? The functionality of redundant connector configurations allows you to create additional configurations that will be applied if the main system is unavailable.
It is not always enough to get the data you need in just one step. Quite often, for example in Sandbox systems, the following scenario occurs: (1) send the file being examined, (2) get the request id, (3) request the analysis status at regular intervals and, finally, (4) get the analysis results. But there are also more complex interactions, in which the data for authorization in the system must be obtained from Privileged Access Management and only after that can the operations of interest be carried out. The connector steps mechanism allows you to cope with such difficulties. The data from one step can be used as input parameters for the next. In Security Vision, functions of data transformation are available to the “meeting”: text, numeric, operations with arrays and structures.
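The submit, poll and fetch chain described above, as an added Python sketch; it is not Security Vision code. `FakeSandbox`, the step functions and the context keys are hypothetical names, and the sandbox responses are constructed so the example runs offline.

```python
import itertools
import time


class FakeSandbox:
    """Constructed in-memory stand-in for a sandbox API (hypothetical)."""

    def __init__(self, polls_until_done=3):
        self._polls_until_done = polls_until_done
        self._ids = itertools.count(1)
        self._polls = {}

    def submit(self, data):
        job_id = f"job-{next(self._ids)}"
        self._polls[job_id] = 0
        return job_id

    def status(self, job_id):
        self._polls[job_id] += 1
        done = self._polls[job_id] >= self._polls_until_done
        return "done" if done else "running"

    def report(self, job_id):
        # Constructed sample result (documentation-range IP, example domain).
        return {"verdict": "malicious", "iocs": ["evil.example", "203.0.113.7"]}


def step_submit(ctx):
    return {"request_id": ctx["client"].submit(ctx["file_bytes"])}


def step_poll(ctx):
    # Bounded polling: a stuck analysis must fail the step, not hang the workflow.
    for attempt in range(1, ctx["max_polls"] + 1):
        if ctx["client"].status(ctx["request_id"]) == "done":
            return {"polls_used": attempt}
        ctx["sleep"](ctx["poll_interval"])
    raise TimeoutError(f"analysis {ctx['request_id']} not finished")


def step_fetch(ctx):
    report = ctx["client"].report(ctx["request_id"])
    return {"verdict": report["verdict"], "iocs": sorted(report["iocs"])}


def run_connector(steps, ctx):
    """Run steps in order; each step's outputs become inputs of later steps."""
    ctx = dict(ctx)
    for step in steps:
        ctx.update(step(ctx))
    return ctx


def analyse(file_bytes, client, max_polls=10, poll_interval=5.0, sleep=time.sleep):
    ctx = {"file_bytes": file_bytes, "client": client, "max_polls": max_polls,
           "poll_interval": poll_interval, "sleep": sleep}
    return run_connector([step_submit, step_poll, step_fetch], ctx)
```

A credential lookup against a PAM system would be one more step placed at the front of the list, returning the secret into the shared context for the later steps to read.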
If the company already has ready-made response tools in the form of scripts in PowerShell, Bash, Python or other scripting programming languages, then it will not be a problem to implement them into the platform. The script receives static values or variables from system objects. The built-in regex, jpath, xpath and a number of other handlers will help you cope with any format of the returned data.
Many companies are faced with the problem of processing large reports, for example, from vulnerability scanners. The infrastructure scan file can be several gigabytes in size, but most systems are capable of processing files no larger than 100 MB. Security Vision connectors are able to cope even with such a task that is not solvable for many.
Complex report structures are another non-trivial task. For example, the scan policy and the credentials used are in one NameSpace, the plugins used are in the other, and the scan results are in the third. How to turn a report into a single table instead of 3 different ones? In Security Vision, this is very easy to do.
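Both points above (reports too large to load at once, and data split across three namespaces) can be handled with a streaming parse that joins as it goes. The following is an added Python example, not Security Vision code: the report layout and namespace URIs are constructed, and it assumes the policy and plugin sections appear before the findings.

```python
import io
import xml.etree.ElementTree as ET

POL = "{urn:example:policy}"
PLG = "{urn:example:plugins}"
RES = "{urn:example:results}"

# Constructed sample report; hosts use the 192.0.2.0/24 documentation range.
SAMPLE = b"""<report xmlns:pol="urn:example:policy"
        xmlns:plg="urn:example:plugins" xmlns:res="urn:example:results">
  <pol:policy name="weekly-internal" credentials="svc-scan"/>
  <plg:plugin id="1001" name="OpenSSH outdated" severity="high"/>
  <plg:plugin id="1002" name="TLS 1.0 enabled" severity="medium"/>
  <res:finding host="192.0.2.5" port="22" plugin="1001"/>
  <res:finding host="192.0.2.5" port="443" plugin="1002"/>
  <res:finding host="192.0.2.9" port="22" plugin="9999"/>
</report>"""


def flatten_report(stream):
    """Yield one flat row per finding, joined with policy and plugin data."""
    policy, plugins = {}, {}
    events = ET.iterparse(stream, events=("start", "end"))
    _, root = next(events)  # keep a handle on the root so it can be emptied
    for event, elem in events:
        if event != "end":
            continue
        if elem.tag == POL + "policy":
            policy = dict(elem.attrib)
        elif elem.tag == PLG + "plugin":
            plugins[elem.get("id")] = (elem.get("name"), elem.get("severity"))
        elif elem.tag == RES + "finding":
            # A finding that references an unknown plugin still gets a row.
            name, severity = plugins.get(elem.get("plugin"), (None, None))
            yield {
                "policy": policy.get("name"),
                "credentials": policy.get("credentials"),
                "host": elem.get("host"),
                "port": int(elem.get("port")),
                "plugin_id": elem.get("plugin"),
                "plugin_name": name,
                "severity": severity,
            }
        else:
            continue
        root.clear()  # drop processed children so memory stays bounded
```

Because `flatten_report` is a generator, rows can be written to a database or CSV one at a time; only the policy and plugin lookup tables stay in memory.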
All the integrations described above can be performed both within the workflow and on a regular basis in the task scheduler. The results can be stored in the properties of objects, reference books or the platform can create new objects based on them: indicators of compromise, vulnerabilities, assets, or save their own types created by the user.
Having considered the functionality of creating objects, let’s now take a closer look at the part of it that is responsible for inventory and working with assets. In Security Vision, any information store available for integration can serve as a source of data about the assets being created: Active Directory, CMDB, virtualization management tools, or SIEM system asset models. Most often, the built-in mechanism of agentless scanning is used to identify systems.
In the absence of an account or unsuccessful authentication, the host can be identified by indirect signs: responses from services, information in Active Directory, or using custom rules (for example, based on the specifics of host names).
If authorization is successful, inventory scripts collect information about configuration, security status, software, updates, and other system components. All inventory scripts are written in bash and PowerShell, which allows any technician to familiarize themselves with their content, modify them to suit their needs, or search for problems in case of any errors and incorrect data received.
We have provided Security Vision with the ability to obtain information about users and groups, virtualization, startup and much more. However, if this information is not enough, the system allows you to add the retrieval of any system properties available for machine collection. Such custom operations can be implemented either by adding the necessary calls to the regular inventory process or by creating a manual operation available from the asset card.
Our customers are often faced with the fact that inventory data is not enough even when it is spread across disparate systems. What is the criticality of this system? Is it a production environment or a test environment? Who is the business owner and who is the technical administrator? The collection of this kind of information from users can be built directly in Security Vision. The workflow will independently send a letter to the employee responsible for the inventory and the owner of the system with a reminder that it is necessary to fill in the required parameters. The system interface for such user roles can be configured in such a way that only the necessary menus and objects will be available for viewing and filling.
Any information contained in Security Vision can be presented in the form of reports and dashboards. The dashboard builder allows you to customize drill-down actions, for example, display a detailed description of a selected category or navigate to another related dashboard. The use of this designer does not require technical knowledge: the formation of analytics is similar to pivot tables and graphs in Excel. However, for more advanced statistics, we left the possibility of writing your own SQL queries right in the designer interface.
This is just a small list of the tools that enable the Security Vision platform to optimize and automate almost any information security process. The flexibility of each of the elements allows you to implement scenarios for the specific tasks of your company without running into the limits of the product or needing individual contracted customization.
Security Vision brings people and systems together in a single solution. This approach makes it possible to achieve an unprecedented level of automation even in those processes that previously required significant human resources. Stay tuned for updates on our website: in the following articles we will tell you more about the SGRC module and its functions for working with audits, risks and compliance assessment, show how you can build a process for managing vulnerabilities and updates in the Security Vision platform, and explain how the data uploaded to the platform as part of the MITRE ATT&CK framework and related projects can help increase the maturity level of your SOC division.
Counterfeit chips are increasingly being identified in supply chains
Many manufacturers are faced with the supply of counterfeit, substandard or used microcircuits.
Fighting the unprecedented global chip crisis, more and more electronics manufacturers are turning to third-party supply chains to meet demand.
According to Nikkei Asia, Japanese electronics manufacturer Jenesis was one of the hardest hit. Since the company could not purchase microcomputers from conventional sources, it placed an order through the website of the Chinese e-commerce giant Alibaba. Unfortunately, the chips that arrived did not turn on and were completely different from those ordered by Jenesis. Jenesis representatives were unable to contact the supplier following this incident.
This trend should be a warning to electronics manufacturers looking to buy chips. Manufacturers and authorized distributors keep records of chips sold by third parties, but no manufacturer guarantees these chips. In most cases, it is unclear how and where vendors store the chips. These situations make it easier for suspicious goods to enter supply chains, but it is difficult to trace the true source.
These can be chips taken from discarded equipment or recycled chips that do not meet quality standards, including chips with a forged manufacturer name or model number.
As of August, experts from Oki Electric Industry, a company specializing in the provision of chip validation services, said they had received about 150 requests for chip analysis. Many of them were from manufacturers of industrial and medical equipment. According to the results of 70 checks, it turned out that about 30% of the microcircuits were faulty.