Business
SKYBOX SECURITY: FINANCIAL SERVICE ORGANISATIONS MUST CHANGE APPROACH TO VULNERABILITY MANAGEMENT TO STAY AHEAD OF REAL-WORLD THREATS

Threat-Centric Vulnerability Management identifies the true risk of vulnerabilities, focuses action where it’s needed most and prioritizes imminent threats.
Skybox Security, a global leader in cybersecurity operations, analytics and reporting solutions for major banks and financial institutions including Barclays, Credit Suisse and Standard Chartered, today announced the availability of threat-centric vulnerability management (TCVM) for the Skybox™ Security Suite, signaling a fundamental shift in the approach to managing and prioritizing vulnerabilities.
TCVM changes vulnerability management from an exercise of trying to patch “everything all the time” to focused, intelligent action that considers real-world threats.
At the launch of TCVM, Skybox updated on the major trending event categories impacting organizations including banks, insurers and other financial institutions today: the use of a specific, commercialized set of exploit kits, the rise of targeted client-side vulnerabilities and the continued popularity of Internet of Things (IoT) botnets.
- A small, targeted number of exploit kits are dominating the dark web. In the first part of this year, five major exploits kits dominated chatter on the dark web, targeting nearly 70 vulnerabilities in Firefox, Adobe Flash, Microsoft Internet Explorer and Edge, Java, Microsoft XML Services and more. These vulnerabilities are known to distribute different malware as payload — for example, popular ransomware and banking Trojans.
- Threat actors continue to target specific vulnerabilities included in exploit dumps by hacker groups such as The Shadow Brokers. The group, notorious for allegedly leaking the National Security Agency (NSA)’s hacking tools, continues to pepper the dark web with exploit dumps like the major one on April 14 that contained many OS and server-side exploits. These dumps and targeted vulnerabilities impact web apps built with Apache Struts plus VMware, Cisco, Oracle and Microsoft products, to name just a few.
- Poor IoT security is still vulnerable. Botnets are exploiting vulnerabilities in network devices, gateways, cameras and other internet-connected devices, delivering distributed denial of service (DDoS) attacks through things like the ‘HTTP Port 81 Botnet’ and the Amnesia botnet which is the next generation of Mirai malware after source code was published and shared online.
With the Prioritization Center in Skybox™ Vulnerability Control, security leaders at financial and other organisations can automatically analyze the thousands — even millions — of vulnerabilities in their environment (including cloud and virtual) to pinpoint those that are truly putting their organization at risk. This means narrowing a huge volume of “known” vulnerabilities that are potential threats down to a small, manageable number of vulnerabilities that are identified as imminent threats — exposed vulnerabilities known to be exploited in the wild. In addition, TCVM enables a systematic approach for ongoing, gradual risk reduction of potential threats that could escalate in the future.
Skybox TCVM leverages ongoing intelligence of the active threat landscape produced by the Skybox™ Research Lab. The Lab aggregates information from more than 30 security data feeds along with research of exploits available on more than 700,000 dark web sites and validated by Skybox’s security analysts.
“Security leaders understand that the threat landscape is always changing. The difference now is that we’re seeing the growth of an increasingly commercialized cybercrime market. This is making it easier than ever for threat actors to attack, adjust and attack again until they accomplish their objective,” said Skybox CEO Gidi Cohen. “They tend to aim for the easy targets — and the biggest ROI — by exploiting a surprisingly small number of vulnerabilities, many of which current vulnerability management approaches don’t consider as priorities. This has to change. Security leaders have to be smarter and way more targeted in their approach — aligning it to what’s happening in the real world — if they are to stay ahead of cybercriminals.”
Skybox TCVM makes focused action possible by combining attack surface visibility, threat-centric vulnerability intelligence and attack vector analytics to identify and prioritize an organization’s biggest risks according to vulnerabilities known to:
- Exist and are exposed in the network
- Be actively exploited in the wild; or known to be attacked within a specific industry or geography
- Have an exploit available, but are not known to be part of an active exploit campaign
- Exist but are not exposed in the network
Threat-centric approaches to vulnerability management require the use of multiple technologies using several different types of security analytics. Skybox is the only company that brings together and automates the technology stack that makes TCVM possible. Skybox is also the only vendor that correlates network context (using network modeling and attack vector analytics) with real-world threat intelligence.
To learn more about Skybox TCVM and the Skybox Research Lab, click here.
Business
Siemens Healthineers gains EU nod for $16.4 billion Varian buy

BRUSSELS (Reuters) – EU antitrust regulators on Friday cleared with conditions Siemens Healthineers’ $16.4 billion acquisition of U.S. peer Varian, paving the way for the German health group to become a world leader in cancer care therapy.
The European Commission said Siemens Healthineers pledged to ensure that its medical imaging and radiotherapy equipment will work with rivals in return for its approval, confirming a Reuters story. The pledge is valid for 10 years.
“High quality medical imaging and radiotherapy solutions are crucial to diagnose and treat cancer. The efficiency and safety of treatment relies on the ability of these products to work together,” European Competition Commissioner Margrethe Vestager said in a statement.
Varian is the leader in radiation therapy with a market share of more than 50%. The deal received the U.S. antitrust green light in October last year.
(Reporting by Foo Yun Chee)
Business
Battling Covid collateral damage, Renault says 2021 will be volatile

By Gilles Guillaume
PARIS (Reuters) – Renault said on Friday it is still fighting the lingering effects of the COVID-19 pandemic, including a shortage of semiconductor chips, that could make for another rough year for the French carmaker.
Renault reported an 8 billion euro ($9.7 billion) loss for 2020 which, combined with gloomy take on the market, sent its shares down more than 5% in late morning trading.
“We are in the midst of a battle to try to manage a difficult year in terms of supply chains, of components,” Chief Executive Luca de Meo told reporters. “This is all the collateral damage of the Covid pandemic… we will have a fairly volatile year.”
De Meo, who took over last July, is looking at ways to boost profitability and sales at Renault while pushing ahead with cost cuts. There were early signs of improving momentum as margins inched up in the second half of 2020.
The group gave no financial guidance for this year, although it said it might reach a target of achieving 2 billion euros in costs cuts by 2023 ahead of time, possibly by December.
Executives said they were confident the carmaker could be profitable in the second half of 2021, but that they lacked sufficient market visibility to provide a forecast.
Renault struck a cautious note, saying it was focused on its recovery but warned orders had faltered in early 2021 as pandemic restrictions continued in some countries.
The group is facing new challenges as the European Union tightens emissions regulations and after rivals PSA and Fiat Chrysler joined forces to create Stellantis, the world’s fourth-biggest automaker.
The auto industry endured a tough 2020 but a swift rebound in premium car sales in China helped companies such as Volkswagen and Daimler to weather the storm.
Auto companies globally have since been hit by a shortage of semiconductors that has forced production cuts worldwide.
“The beginning of the year has shown some signs of weakness,” De Meo told analysts, but added the chip shortage should be resolved by the second half of 2021. “We have taken the necessary measures to anticipate and overcome challenges.”
Renault estimated the chip shortage could reduce its production by about 100,000 vehicles this year.
SHARP HIT
The group was already loss-making in 2019, but took a sharp hit in 2020 during lockdowns to fight the pandemic, which also hurt its Japanese partner Nissan.
Analysts polled by Refinitiv had expected a 7.4 billion euro loss for 2020. The group posted negative free cash flow for 2020.
The 2018 arrest of Carlos Ghosn, who formerly lead the alliance between Renault and Nissan, plunged the automakers into turmoil.
In a further sign that the companies have been working to repair the alliance, De Meo told journalists that Renault and Nissan will announce new joint products together in the coming weeks or months.
Renault has begun to raise prices on some car models, and group operating profit, which was negative for 2020 as a whole, improved in the last six months of the year, reaching 866 million euros or 3.5% of revenue.
Analysts at Jefferies said the operating performance was better than expected. Sales were still falling in the second half, but less sharply.
Renault is slashing jobs and trimming its range of cars, allowing it to slice spending in areas like research and development as it focuses on redressing its finances. It is also pivoting more towards electric cars as part of its revamp.
It was already struggling more than some rivals with sliding sales before the pandemic, after years of a vast expansion drive it is now trying to rein in, focusing on profitable markets.
De Meo told journalists on Friday that the French carmaker will make three new higher-margin models at its Palencia plant in Spain, where manufacturing costs are lower, between 2022 and 2024.
($1 = 0.8269 euros)
(Reporting by Gilles Guillaume and Sarah White in Paris, Nick Carey in London; Editing by Christopher Cushing, David Evans and Jan Harvey)
Business
UK delays review of business rates tax until autumn

LONDON (Reuters) – Britain’s finance ministry said it would delay publication of its review of business rates – a tax paid by companies based on the value of the property they occupy – until the autumn when the economic outlook should be clearer.
Many companies are demanding reductions in their business rates to help them compete with online retailers.
“Due to the ongoing and wide-ranging impacts of the pandemic and economic uncertainty, the government said the review’s final report would be released later in the year when there is more clarity on the long-term state of the economy and the public finances,” the ministry said.
Finance minister Rishi Sunak has granted a temporary business rates exemption to companies in the retail, hospitality, and leisure sectors, costing over 10 billion pounds ($14 billion). Sunak is due to announce his next round of support measures for the economy on March 3.
($1 = 0.7152 pounds)
(Writing by William Schomberg, editing by David Milliken)