Inside | Real news, curated by real humans
Inside Security

Inside Security (Nov 20th, 2017)

David’s Take

I want to tell you about a white paper and a screencast review I have done on behalf of Inky for a new product called Phish Fence. You can get both items here. Phishing has become the gateway drug for criminals to infect your company with malware, and has become more sophisticated in the last several years with targeted attacks that employ all kinds of obfuscation techniques. Phish Fence displays warning messages as part of your inbox and has both free and paid versions. My review shows you how it works, and my paper puts phishing in the appropriate context and also discusses some of the more noteworthy recent attacks.

It has been a busy week for mergers, new products and funding announcements, we have the details below. Finally, because of Thanksgiving, we will only publish a newsletter today and tomorrow and take the rest of the week off.

-- David Strom, editor of Inside Security

  • Email gray
  • Permalink gray

Top Story: Terdot increases its scope

The Terdot banking Trojan has been re-engineered from its Zeus origins with new techniques such as leveraging open-source tools for spoofing SSL certificates, and a man-in-the-middle proxy to search the user's entire web traffic and social media accounts for information to log and steal. It was first observed in October 2016 and has been seen lately targeting Canadian banking customers. -- BITDEFENDER

  • Email gray
  • Permalink gray

Funding events of the week

ReFirm Labs received a $1.5M funding round led by DataTribe. It is based in Columbia, Maryland and its CEO is Terry Dunlap. ReFirm has developed an IoT firmware validation product.

AtBay received a seed $6M round led by Lightspeed Ventures. The company has a new cyber insurance product. Its CEO is Rotem Iram and it is based in Silicon Valley.

WireWheel has raised a $3.1M seed round led by PSP Growth. It is based in the DC area and has developed privacy management tool. WireWheel's CEO is Justin Antonipallai, who held a high position in the Department of Commerce.

ThreatQuotient raised a $30M C round led by Adams Street Partners and NTT. It is also based in the DC area and has a threat intelligence service. The CEO is John Czupak.

Medigate received $5.35M in seed funding to help protect medical IoT devices. The round was led by YL Ventures. Based in Israel, Medigate's CEO is Jonathan Langer.

  • Email gray
  • Permalink gray

Attacks and vulnerabilities

Criminals are exploiting loyalty rewards programs, mainly in the travel industry. There are now fraudulent services that will book hotels, airline tickets and rental cars across the dark web. They obtain points from compromised user accounts and then use them to purchase these travel services. The criminals make use of brute force login tools. – INTEL FLASHPOINT BLOG

  • Email gray
  • Permalink gray

Mergers of the week

Denver-based Optiv Security acquired two firms last week. They are Conexsys, an MSSP based in Toronto, and Decision Lab, a big data automation and orchestration services vendor based in Columbia Maryland. Terms were not disclosed on either transaction.

Synopsys acquires Black Duck Software, makers of an open source code security analysis tool.  Terms were not disclosed.

The German tire and advanced car components company Continental has acquired the Israeli smart car technology startup Argus Cyber Security for $430M.

NTT has also announced a partnership with CounterTack to jointly sell each other's products and also invested in the endpoint detection company. Terms were not disclosed.

Finally, the company called Root9B Holdings has closed its doors. Brian Krebs has the details on the firm that seemed like a scam from day 1.  

  • Email gray
  • Permalink gray

New products of the week

Check Point SandBlast Mobile version has some new features, including the ability to detect and block zero-day malware infections, block smishing attacks on phones, and a better UI. I reviewed an earlier version for CSO Online here. The price remains $4 per device per month or $8 per user per month for up to 3 devices, with minimum annual contracts.

ImmuniWeb Discovery is a free tool that enables companies to maintain a comprehensive inventory and classification of its external web and mobile applications, as well as its APIs. It provides a continuous and non-intrusive application discovery, leveraging a wide spectrum of reconnaissance and OSINT information gathering techniques.

Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy. It checks DNS queries against more than a dozen threat feeds and has systems in place across the world in more than 70 Internet peering points. No personally-identifiable information is collected by the system. IBM, F-Secure, Proofpoint and RiskIQ are some of the partners behind the service.

If you use GitHub and have enabled their relatively new dependency graph feature for your Javascript and Ruby projects, you might want to use an even newer feature that checks for security vulnerabilities in your code and suggests fixes from their community.

  • Email gray
  • Permalink gray

Just for fun

Yeah, that will do it! -- JUOKAZ @ TWITTER

  • Email gray
  • Permalink gray

Subscribe to Inside Security

MORE NEWSLETTERS

Fascinating, curious and amazing journalism, all in one link.

ReadThisThing

Fascinating, curious and amazing journalism, all in one link.

DAILY
Fascinating, curious and amazing journalism, all in one link.

ReadThisThing

DAILY

SUBSCRIBED!

Share via

Financial, legislative, agricultural, and all the other most important news about the cannabis industry

Inside Cannabis

Financial, legislative, agricultural, and all the other most important news about the cannabis industry

TWICE WEEKLY
Financial, legislative, agricultural, and all the other most important news about the cannabis industry

Inside Cannabis

TWICE WEEKLY

SUBSCRIBED!

Share via

Everything you need to know about the resurgence of the spoken word

Inside Podcasting

Everything you need to know about the resurgence of the spoken word

TWICE WEEKLY
Everything you need to know about the resurgence of the spoken word

Inside Podcasting

TWICE WEEKLY

SUBSCRIBED!

Share via

A thoughtful roundup of news and links for developers

Inside Dev

A thoughtful roundup of news and links for developers

WEEKLY
A thoughtful roundup of news and links for developers

Inside Dev

WEEKLY

SUBSCRIBED!

Share via