The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news items for the week of August 19. This curated list features identity and information security vendors such as Cerby, SailPoint, Transmit Security, and more.
Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.
Identity Management and Information Security News for the Week of August 19
Cerby Announces Successful Completion of SOC 2 Type II Security Audit
Cerby, a security platform, approach that optimizes security practices while empowering both employees and security teams, announced that the company has successfully completed a System and Organization Controls (SOC) 2 Type II audit, performed by Sensiba San Filippo, LLP (SSF). The validation demonstrates that the company prioritizes security controls and the protection of customer data on its platform. A SOC 2 Type II report describes a service organization’s systems and whether the controls they have in place to satisfy the SOC criteria are operating effectively over an agreed-upon observation period. Cerby’s SOC 2 Type II report did not have any noted exceptions, and was issued with a “clean” audit opinion from SSF.
ManageEngine Integrates with Sectigo to Automate Certificate Lifecycle Management
ManageEngine, the enterprise IT management division of Zoho Corporation, announced the integration between its key and certificate lifecycle management solution, Key Manager Plus, and Sectigo, an industry-leading identity-first security Certificate Authority. A testament to Sectigo’s push for openness and interoperability in the identity, public key infrastructure (PKI), cryptography space, this integration enables IT admins using Sectigo certificates to confidently automate the entire certificate lifecycle from a secure, central platform.
Keyfactor Named to the 2022 Inc. 5000 List for Third Consecutive Year
Keyfactor, a machine and IoT identity platform for enterprises, has been recognized on the 2022 Inc. 5000 list as one of the fastest growing private companies in America. The list represents a one-of-a-kind look at the most successful companies within the economy’s most dynamic segment— independent businesses. Companies on the 2022 Inc. 5000 are ranked according to percentage revenue growth from 2018 to 2021. To qualify, companies must have been founded and generating revenue by March 31, 2018. They must be U.S.-based, privately held, for-profit, and independent—not subsidiaries or divisions of other companies—as of December 31, 2021. The minimum revenue required for 2018 is $100,000; the minimum for 2021 is $2 million.
Software Developer Cracks Hyundai Car Security with Google Search
A developer says he was able to run his own software on his car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. Daniel Feldman, a Minneapolis, Minnesota-based software engineer, wanted to modify the in-vehicle infotainment (IVI) system in his 2021 Hyundai Ioniq SEL. After trying to figure out how to customize firmware updates for the IVI’s D-Audio2 system, made by the car company’s mobility platform subsidiary Hyundai Mobis, and have them accepted by the IVI, Feldman found an unexpected way-– through Google.
Thoma Bravo Completes Acquisition of SailPoint
SailPoint Technologies Holdings, Inc., an enterprise identity security vendor, announced the completion of its acquisition by Thoma Bravo, a leading software investment firm, in an all-cash transaction valued at approximately $6.9 billion. The agreement to be acquired was previously announced on April 11, 2022 and approved by SailPoint stockholders at the Special Meeting of Stockholders held on June 30, 2022. At completion of the acquisition, SailPoint stockholders are entitled to receive $65.25 in cash for each share of SailPoint common stock they owned. SailPoint’s common stock has ceased trading and will be delisted from the New York Stock Exchange.
An Experiment Showed that the Military Must Change Its Cybersecurity Approach
Two years ago, a pair of Navy information leaders decided to attack their own networks—and not just once or twice a year during scheduled exercises, but far more frequently, and unannounced. Now they’re trying to get the rest of the Navy—and the Pentagon—to follow suit. Their experiment showed that frequent, automated red-teaming reveals which vulnerabilities are the most dangerous, the easiest for an attacker to exploit with the highest impact—information they wouldn’t have otherwise, said Aaron Weis, the Navy’s chief information officer, or CIO, and Scott Bischoff, the command information officer at the Naval Postgraduate School. And it’s far more effective than the way the Defense Department currently handles cybersecurity: with checklists of steps taken, patches implemented, and so on.
DeathStalker Mercenaries are Attacking Cryptocurrency and Exchange Companies with VileRat
Kaspersky researchers have published research finding that the DeathStalker hack-for-hire group has updated its evasive “VileRat” toolset to attack cryptocurrency and foreign currency exchange companies in Bulgaria, Cyprus, Germany, the Grenadines, Kuwait, Malta, the United Arab Emirates and Russia in 2022. Kaspersky has tracked attack campaigns from the infamous DeathStalker APT since 2018. The group mainly targets law firms and organizations in the financial sector. The threat actor stands out since its attacks do not seem to be politically or financially motivated. Kaspersky researchers believe DeathStalker acts as a mercenary organization, offering specialized hacking and financial intelligence services.
WestJet Customers Report Data Breach, Leaked Personal Information
WestJet customers reported Wednesday that the Canadian airline’s app has compromised personal information. App users took to Twitter to express their concern with the situation, claiming that when they logged in to the WestJet app, they were able to see personal details and account information associated with complete strangers. WestJet acknowledged the issue on Twitter, saying the issue lasted less than an hour and was resolved by 4:30 p.m. MST. The airline apologized, saying they “continue to actively investigate the cause of this issue.”
Belgium’s Railway Company Ensures On-time Departures, Improves Security With HID Global
HID Global, a worldwide leader in trusted identity and RFID tracking solutions, announced that the national railway company of Belgium, NMBS/SNCB, has successfully deployed a real-time location service platform with BEEKs Bluetooth Low-Energy (BLE) beacons from HID to accurately monitor train location and ensure on-time departures. NMBS/SNCB maintains and operates 3,607 kilometers of track and approximately 30 train stations throughout Belgium with passenger safety and on-time departures serving as key priorities. Prior to the HID solution, when an approaching train reached a preset GPS coordinate, an app on the onboard attendant’s smartphone would signals software at the station to start running the digital safety-check program to ensure passengers can safely disembark and the train can depart for the next station on schedule. However, many locations such as tunnels, have limited cellular coverage. When this happens, the train’s GPS location can appear as far as 10 kilometers away from the station, thwarting the entire safety check process.
Transmit Security Announces Expanded CIAM Capabilities and Record Growth
Transmit Security announced essential new capabilities of its customer identity and access management (CIAM) platform, along with key milestones and record customer and revenue growth for the first half of 2022. The company also rebranded its identity products, reflecting the shift to a developer-friendly approach to delivering secure identity services as APIs. Since June 2021, when the company announced the largest cybersecurity Series A funding round in history, Transmit Security has grown first half revenues by 40 percent year over year, expanded its employee base by 41 percent, grown its customer base by 51 percent and exceeded $100 million in annual recurring revenue (ARR). The company has added customers such as Goldman Sachs, BRED Banque Populaire and America’s Car-Mart to a list that already included industry leaders like Citigroup, Lowe’s, UBS, Santander and HSBC. In March, Transmit Security was honored by Fast Company as one of “The 10 Most Innovative Security Companies” for 2022.
QuForce Emerging as Leading Community for Post-Quantum Cryptography Experts, Academics and Enthusiasts
QuSecure, Inc., a post-quantum cybersecurity (PQC) platform, announced that the public-private initiative it sponsored, QuForce, is emerging as the world’s leading community for quantum computing experts, academics and enthusiasts. QuForce held its first-ever QuForce Demo Day last week to showcase the research of the first class of QuForce Fellows, which included six demos and nine participating Fellows that competed over a six-month period. Winners were awarded cash prizes as well as continued project funding. First Place was awarded a tie between The Preliminary Unitary API project, run by Jonathan Johnson; and the Asymmetric Cloning to Eavesdrop on BB84 Protocol project, run by Elizabeth Campolongo, Brian Pigott, and Hardik Routray. The first project showcased impactful approaches to teaching quantum physics and quantum computing software engineering by embedding core concepts into computer games to build intuition for the concepts and gamify the learning process. The second project demonstrated critical vulnerabilities in quantum key distribution (QKD) protocols. Third place went to Alaap Murali for his Quantum Computing as a Product project. The Most Novel Award went to Siddharth Rangnekar and Nizar Lethif for their Asymmetric Bases Cloning: A Novel Approach to Cloning-based Attacks on BB84 project.
For consideration in future news round-ups, send your announcements to firstname.lastname@example.org.