Inside Security (Apr 8th, 2019)

There are two annual events taking place this week. The first, run by NATO, is a live-fire cyber exercise taking place in Estonia, attended by numerous government defenders trying to hone their skills. The second is the annual OpIsrael virtual event, whereby hackers target that government’s websites, and not for any good purpose, sadly. The timing of the latter is critical: tomorrow is an important election in Israel, and there are reports of a data breach of the voting rolls.

Each week I try to stay on top of the security-related funding announcements. This past week we had a bumper crop, with some very large deals going down. You'll find them all listed in item #10.

-- David Strom

1. If anyone should know about credential stuffing attacks, it would be Akamai. Last year it reported almost 30B attacks. That works out to hundreds of millions of them daily. The largest targets were video media and other entertainment companies. These attacks are on the rise thanks to automated construction kits that are sold online for just a few dollars per stolen credential. -- AKAMAI REPORT (PDF)

2. Tomorrow is an important election in Israel, and there are claims of a major data breach in its voting registry. It could be old data that was leaked back in 2006, and authorities are investigating. It is part of an annual hacking campaign by various groups around the world. In the past, these campaigns haven’t had much success. In other news, Twitter has suspended dozens of suspicious accounts run by a Chinese group that posted political messages in Hebrew. The group believes Jesus has been reincarnated as a Chinese woman living in Queens. Yes, you read that correctly.

3. This post describes how a company got hit with the IEncrypt ransomware and how it proceeded. It all started with a phished email, and within a week attackers had gained control over the corporate network, encrypting files on hundreds of endpoints. The company paid the ransom and was able to decrypt its files. The post describes further forensic analysis that is worth reading. -- GUARDICORE BLOG

4. Dropbox has paid out bug bounties for hundreds of vulnerabilities, for a total of more than $300k. One of the participants was the appropriately named Jack Cable, a Stanford CS student who has racked up several hundred bounties by himself. This came from a hackathon in Singapore last week run by HackerOne. -- ZDNET

5. Two WordPress-related malware strains have made the news. The first is called the GoBrut botnet. It is a more dangerous variant of the ELF family that expands its attack surface to both Windows and Linux systems. Another exploit involves the WordPress Duplicate-Page plugin. It could affect 800,000 websites. If you use it, please update to v.3.4, which has the fix that prevents data theft and potential admin access to your site.

6. If you are using a TP-Link WR-940 series router you should update its firmware to v.190218. Earlier versions have a buffer overflow bug that can allow remote access. What is interesting about this post is the step-by-step description using Burp to investigate the bug. -- SECURITY INTELLIGENCE (IBM)

7. Those sextortion scammers are getting more sophisticated. They have lowered their ransom demands in the hopes of getting more victims to pay and also hidden their malware through multiple layers of encryption, passwords and programming. -- MY ONLINE SECURITY

8. The front-end and open source web framework called Bootstrap-Sass has been infected with malware based on a compromised version of RubyGems. While both are quite popular, the issue was spotted quickly and fixed after about a thousand users had downloaded the malware. Upgrade to v.3.2.0.4 ASAP. -- NAKED SECURITY (SOPHOS)

9. NATO conducts its annual Locked Shields live-fire cyber exercise that once again threatens the fictional country of Berylia. There will be 1,000 participants from 30 different countries operating the Estonian Cyber Range.

10. Funding events. There were so many funding events last week:

  • Sqreen, based in San Francisco, received $14M in an A funding round led by Greylock Partners. It does app security and its CEO is Pierre Betouin.
  • Hack The Box, based in the UK, received $1.3M in a funding round led by Marathon VC. It does pen testing and its CEO is Harris Pylarinos.
  • Aqua Security, based in the Boston area, received $62M in a C funding round led by Insight Partners. It does container security and its CEO is Dror Davidoff.
  • Onfido, based in London, received $50M in a funding round led by Softbank Investments. It does facial ID security and its CEO is Husayn Kassai.
  • Red Points, based in Barcelona, received $38M in a funding round led by Summit Partners. It does anti-piracy and brand protection and its CEO is Laura Urquizu.
  • Deepwatch, based in St. Petersburg, Florida, received $23M in an A funding round led by ABS Capital. It does managed security services and its CEO is Justin Morehouse.
  • AppOmni, based in San Francisco, received $3M in a funding round led by Costanoa Ventures. It does cloud app security and its CEO is Brendan O’Connor.
  • Transcend, based in San Francisco, received a $4M seed funding round led by Accel Partners. It does consumer-based privacy protection and its CEO is Ben Brook.
  • RiskLens, based in the DC area, received $20.6M in a C funding round led by Paladin Capital. It does cyber risk management and its CEO is Nick Sanna.
  • CyberHat, based in Israel, received $6M in a funding round led by Mangrove. It does security incident response management and its CEO is Nadav Ardel.