Hello readers!
In today's Inside Security, our premium content offers the PATCH WATCH feature with the latest security patches from leading vendors and the SECURITY FUNDING column with the latest news on startup funding.
Also, check out Monday's CISO CORNER section in which I interviewed Chuck Brooks, Georgetown University professor, member of CyberTheory's Inner Circle CISO advisory board, and ambassador for the Cybersecurity Collaborative,
If you'd like to read this special content, Inside Security is offering a 14-day free trial. To sign up, click here. Plus, if you sign up now, you get to enjoy Inside Security five days a week!
Thanks for your support!
|
Fred
|
|
|
|
PATCH WATCH:
Microsoft patched 83 security bugs in its products on Patch Tuesday, including 10 critical flaws, The most important patch is a fix for a critical bug in Windows Defender that is being exploited in the wild...
To receive the full list of security patches and receive this feature weekly, start your FREE 14-day trial of premium!
|
|
The U.S. Census Bureau did not have fundamental security safeguards in place to protect its IT systems supporting the 2020 census, concluded a report by the Department of Commerce's Office of Inspector General (OIG). The office warned that IT security weaknesses could be exploited to manipulate data and steal personal information.
More from the report:
- The OIG concluded that the bureau had an inadequate risk management program, poorly managed its Active Directory by allowing excessive access rights, and failed to enforce personal identity verification.
- The Census Bureau responded that it fixed the IT security problems and that no data was lost or compromised.
- The census is used to determine the number of seats each state has in the U.S. House, define congressional districts, and distribute billions of dollars in federal funds for infrastructure and public services.
AP VIA ABC NEWS
|
|
SECURITY FUNDING:
Lacework (San Jose, Calif.), a cloud security startup: $525M in Series D funding led by Sunnter Hill Ventures and Altimeter Capital with participation from D1 Capital Partners, Coatue, Dragoneer Investment Group, Liberty Global Ventures, Snowflake Ventures, and Tiger Global Management. To date, the startup has raised...
To read more, click here to upgrade to premium!
|
|
Cybercriminals were able to steal close to $3.8B in Bitcoin—based on Bitcoin values in mid-January 2021—in 122 attacks last year, according to an analysis by Atlas VPN. The attackers targeted decentralized apps running on the Ethereum platform, cryptocurrency exchanges, and blockchain wallets.
More from Atlas VPN:
- The analysis used data provided by Slowmist Hacked, which aggregates data about disclosed attacks targeting blockchain projects, apps, and tokens.
- Around $3B was stolen from bitcoin wallets, $436M from Ethereum apps, and $300M from cryptocurrency exchanges.
- In addition, $10M was stolen from Tron apps, $5.9M from blockchains, and $2.8M from EOS apps.
ZDNET
|
|
A new mobile remote access trojan (RAT) dubbed Rogue can infect Android devices, take control of them, and steal user data, warned Check Point researchers. To hide from users, Rogue exploits Google's Firebase platform to appear as a legitimate Google service.
More from Check Point:
- Triangulum and HeXaGon Dev worked together to develop the mobile RAT.
- After gaining required permissions, Rogue hides its icon to prevent the victim from deleting it.
- Rogue is able to register as a device administrator.
- The malware exploits the following Google services: Cloud Messaging to receive commands, Realtime Database to upload device data, and Cloud Firestorm to upload files.
SECURITY WEEK
|
|
A watering hole attack targeted Windows and Android users with zero-day and n-day exploits, concluded Google's Project Zero. The sophisticated attack campaign used two exploit servers—a Windows server and an Android server—each of which employed a separate exploit chain to compromise targets.
More from Project Zero:
- Both servers used Chrome exploits for the initial remote code execution attack.
- The exploit chains were well-engineered, complex code with new exploitation methods, mature logging, sophisticated post-exploitation techniques, and high volumes of anti-analysis and targeting checks.
- The Chrome and Windows zero-days exploited in the attack campaign have been patched by the vendors.
- Project Zero worked with the Google Threat Analysis Group to carry out the analysis.
BLEEPING COMPUTER
|
|
QUICK HITS:
- This company raised $9.3M to help orgs gift employees with glamping trips, Peloton bikes, and virtual sommelier lessons. Check out Blueboard's Experience menu.*
- Attackers who breached the European Medicines Agency last month have leaked documents related to COVID-19 online.
- The National Board for Certified Counselors reported a data breach that exposed personal data on individuals associated with the board.
- Ardit Ferizi, a convicted hacker, has been charged with fraud and identity theft that he allegedly carried out while in prison.
- Over 30,000 companies are building their eCommerce apps all without writing a single line of code.*
* This is sponsored content.
|
|
|
|
Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as HealthITSecurity.com, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.
|
|
Editor
|
Charlotte Hayes-Clemens is an editor and writer based in Vancouver. She has dabbled in both the fiction and non-fiction world, having worked at HarperCollins Publishers and more recently as a writing coach for new and self-published authors. Proper semi-colon usage is her hill to die on.
|
|