Inside | Real news, curated by real humans
Inside Security

Inside Security (May 20th, 2019)

The two breaches suffered by software companies in the past week couldn’t be more at polar opposites. First is the breach from TeamViewer, a collaboration and remote control product that was hit many years ago by Chinese hackers. The company still hasn’t come completely clean about what happened and why it took so long to acknowledge the breach. The second situation happened at StackOverflow, which has been incredibly crystal clear and prompt about how hackers got into its systems earlier this month. Study both news items and try to be more like StackOverflow than TeamViewer in your own response.

As a reminder, my next newsletter will appear on Friday. I am off to San Francisco to speak at the AILIVE conference tomorrow. If you are in town and have some time in your schedule, drop me a note.  

-- David Strom

  • Email gray
  • Permalink gray

1. The software company TeamViewer suffered a breach from Chinese hackers back in 2016. It recently partially confirmed when a German newspaper published a report. However, the devil is in the details, and the published report said the hackers lived inside the network for several years, which is at odds with the company’s account. -- BLEEPING COMPUTER

  • Email gray
  • Permalink gray

2.  StackOverflow also recently announced it had suffered a breach, which happened earlier this month. After a week it detected the intrusion and took measures to investigate and eliminate the issue. The breach was caused by a programming error. Data of a small number of users were compromised, however, and the company has been very transparent about taking steps towards better security. -- STACKOVERFLOW BLOG

  • Email gray
  • Permalink gray

3. More than 100,000 users of the popular online hacking forum OGusers has been leaked online thanks to a breach. The data was stolen and their systems’ hard drives were wiped clean. Krebs has details, and says, “this leak will fuel even more arrests and charges for those [hackers] involved.” -- KREBS ON SECURITY

  • Email gray
  • Permalink gray

4. Large portions of Salesforce’s network infrastructure were shut down in response to buggy production code update of its Pardot product line. The code changed access permissions globally, and took days to remove and reset equipment to the proper access levels. -- ZDNET

  • Email gray
  • Permalink gray

5. Does your cybersecurity insurance policy have a “social engineering” reduction clause? This reduces the insurance payout from a breach, if the insurer can prove this was its cause. Other insurers are upping benefits if you can prove better infosec hygiene. It pays to read the fine print. -- CSO ONLINE

  • Email gray
  • Permalink gray

6. As the number and consequences of BGP diversion attacks increase, the EU security agency has put together a series of security recommendations. These include better IP filtering and route peering, careful monitoring of TTL stats, and implementing resource PKI. -- ENISA BLOG

7. The security seal as sold by @bestoftheweb contains two different keystroke loggers. The company confirmed its code was hacked and removed the offending scripts. This is an interesting supply chain attack and more than 100 websites still link to the hacked versions. -- DE GROOT@ GITHUB

8. Protonmail has developed an open source implementation of OpenPGP in the Go programming language. The goal is to make encryption more readily available to a wider collection of apps and developers that use this language. -- PROTONMAIL

9. More than twenty thousand Linksys routers are leaking their entire network connection logs. The company said it updated its firmware years ago, but researchers found evidence that these updates haven’t been applied correctly (or not at all). -- ARS

10. Funding news of the week:

  • Nym Technologies received a $2.5M funding round led by NEO Global Capital. It has a new privacy infrastructure and is based in India and its acting CEO is Harry Halpin.  
  • Siemplify received a $30M C funding round led by Georgian Partners. It is a New York City-based security orchestration vendor and its CEO is Amos Stern.
  • Respond Software received a $20M B funding round led by Clear Sky Security. It is based in Silicon Valley and does robotic security decision automation. Its CEO is Mike Armistead.
  • 4Stop received a $2.5M A funding round led by Ventech Capital. It is based in Cologne and does banking compliance and anti-fraud services. Its CEO is Ingo Ernst.

  • Email gray
  • Permalink gray

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our Managing Editor Kim Lyons (freelancer for the NYTimes and also the editor of Inside Pittsburgh) and David Stegon (senior editor at Inside, whose reporting experience includes cryptocurrency and technology).  

  • Email gray
  • Permalink gray

Subscribe to Inside Security

MORE NEWSLETTERS

For those in the business of buying, selling, and developing real estate.

Inside Real Estate

For those in the business of buying, selling, and developing real estate.

DAILY
For those in the business of buying, selling, and developing real estate.

Inside Real Estate

DAILY

SUBSCRIBED!

Share via

Electric vehicles, self-driving automobiles, smart cars and the world of 21st century transportation

Inside Automotive

Electric vehicles, self-driving automobiles, smart cars and the world of 21st century transportation

DAILY
Electric vehicles, self-driving automobiles, smart cars and the world of 21st century transportation

Inside Automotive

DAILY

SUBSCRIBED!

Share via

The present and future of AR news and technology

Inside AR

The present and future of AR news and technology

DAILY
The present and future of AR news and technology

Inside AR

DAILY

SUBSCRIBED!

Share via

The present and future of virtual reality news and technology

Inside VR

The present and future of virtual reality news and technology

TWICE WEEKLY
The present and future of virtual reality news and technology

Inside VR

TWICE WEEKLY

SUBSCRIBED!

Share via