cybercrime

Auto Added by WPeMatico

Ivanti has acquired security firms MobileIron and Pulse Secure

IT security software company Ivanti has acquired two security companies: Enterprise mobile security firm MobileIron and corporate virtual network provider Pulse Secure.

In a statement on Tuesday, Ivanti said it bought MobileIron for $872 million in stock — with 91% of the shareholders voting in favor of the deal — and acquired Pulse Secure from its parent company Siris Capital Group, but did not disclose the buying price.

The deals have now closed.

Ivanti was founded in 2017 after Clearlake Capital, which owned Heat Software, bought Landesk from private equity firm Thoma Bravo, and merged the two companies to form Ivanti. The combined company, headquartered in Salt Lake City, focuses largely on enterprise IT security, including endpoint, asset and supply chain management. Since its founding, Ivanti went on to acquire several other companies, including U.K.-based Concorde Solutions and RES Software.

If MobileIron and Pulse Secure seem familiar, both companies have faced their fair share of headlines this year after hackers began exploiting vulnerabilities found in their technologies.

Just last month, the U.K. government’s National Cyber Security Center published an alert that warned of a remotely executable bug in MobileIron, patched in June, allowing hackers to break into enterprise networks. U.S. Homeland Security’s cybersecurity advisory unit CISA said that the bug was being actively used by advanced persistent threat (APT) groups, typically associated with state-backed hackers.

Meanwhile, CISA also warned that Pulse Secure was one of several corporate VPN providers with vulnerabilities that have since become a favorite among hackers, particularly ransomware actors, who abuse the bugs to gain access to a network and deploy the file-encrypting ransomware.

Powered by WPeMatico

Decrypted: Apple and Facebook’s privacy feud, Twitter hires Mudge, mysterious zero-days

Trump’s election denialism saw him retaliate in a way that isn’t just putting the remainder of his presidency in jeopardy, it’s already putting the next administration in harm’s way.

In a stunning display of retaliation, Trump fired CISA director Chris Krebs last week after declaring that there was “no evidence that any voting system deleted or lost votes, changed votes or was in any way compromised,” a direct contradiction to the conspiracy-fueled fever dreams of the president who repeatedly claimed, without evidence, that the election had been hijacked by the Democrats. CISA is left distracted by disarray, with multiple senior leaders leaving their posts — some walked, some were pushed — only for the next likely chief to stumble before he even starts because of concerns with his security clearance.

Until yesterday, Biden’s presidential transition team was stuck in cybersecurity purgatory because the incumbent administration refused to trigger the law that grants the incoming team access to government resources, including cybersecurity protections. That’s left the incoming president exposed to ongoing cyber threats, all while being shut out from classified briefings that describe those threats in detail.

As Biden builds his team, Silicon Valley is also gearing up for a change in government — and temperament. But don’t expect too much of the backlash to change. Much of the antitrust allegations, privacy violations and net neutrality remain hot button issues, and the tech titans resorting to cheap “charm offenses” are likely to face the music under the Biden administration — whether they like it or not.

Here’s more from the week.


THE BIG PICTURE

Apple and Facebook spar over privacy — again

Apple and Facebook are back in the ring, fighting over which company is a bigger existential threat to privacy. In a letter to a privacy rights group, Apple said its new anti-tracking feature will launch next year, which will give users the choice of blocking in-app tracking, a move that’s largely expected to cause havoc to the online advertising industry and data brokers.

Given an explicit option between being tracked and not, as the feature will do, most are expected to decline.

Apple’s letter specifically called out Facebook for showing a “disregard for user privacy.” Facebook, which made more than 98% of its global revenue last year from advertising, took its own potshot back at Apple, claiming the iPhone maker was “using their dominant market position to self-preference their own data collection, while making it nearly impossible for their competitors to use the same data.”

Powered by WPeMatico

Decrypted: Grayshift raises $47M, Apple bugs under attack, video game maker hacked

The election is over, but not without a hitch or two. Some voters in Georgia and Ohio had to use paper ballots after hand sanitizer leaked into voting machines — an unexpected casualty of the pandemic. And a slew of robocalls across a number of swing states urged voters to “stay safe and stay home,” in an effort to disenfranchise voters from going to the polls. With record voter turnout, there’s little evidence to show it worked.

But we saw nothing like the hack-and-leak operations like we did four years ago, which delivered an “October surprise” that derailed the election for Hillary Clinton, despite winning the popular vote by three million votes.

Government officials and cybersecurity firms said there were no significant or damaging cyberattacks during Election Day. One Homeland Security official called it “another Tuesday on the internet,” but conceded there was still cause for concern in the election aftermath.

With the bulk of the votes counted, government officials pointed to the threat of “foreign influence” campaigns — or misinformation — that would try to cast doubt on the election results. In reality, much of the false and misleading claims ended up coming from inside the White House as the Trump administration tried to cling onto power. After being caught out four years ago, the social media giants put into place measures and policies that limited the spread of false news — including Trump’s repeated attempts to claim victory.

Fears that the 2020 election could turn into a national, or even an international security matter did not come to fruition. The U.S. is in a better place than it was four years ago by simply learning the lessons from Russia’s efforts to interfere with the election. Imagine where we could be in another four?

Since you, like us, were glued to the television screens last week, here’s more from the week you might have missed.


THE BIG PICTURE

Grayshift, the maker of phone unlocking tech, raises a Series A round

Grayshift, the secretive startup behind the U.S. government’s favorite phone unlocking technology, has raised $47 million in fresh funding. The Series A round was led by PeakEquity Partners, and — as first reported by Forbes — is a huge round for a little-known phone forensics firm.

One of only a few photos of the mysterious GrayKey phone unlocking devices. Image Credits: Malwarebytes

Grayshift exploded onto the mobile forensics scene in 2018, months after the company began quietly selling its proprietary GrayKey technology to federal agencies for about $15,000 each. The FBI and other agencies use their purchased GrayKey devices to break into encrypted phones without needing the passcode.

Powered by WPeMatico

Here’s what’s happening at Disrupt 2020 today

Rise, shine and build your business startup fans. It’s day four of Disrupt 2020, and this is your daily snapshot of just some of the heavy-hitters, events, breakout sessions and all-around opportunity that’s yours for the taking.

Looking for the complete lineup? You’ll find it in the Disrupt agenda. Note: unless otherwise stated, all times are PST. Kicking yourself for not jumping on the opportunity bandwagon? Simply buy a Disrupt pass here, and kick your regrets to the curb.

Buckle up, folks — you’re in for a great day.

Athleisure wear is one of the hottest trends in retail, and it’s certainly a popular work-at-home wardrobe during a pandemic. Head to the Disrupt Stage and join comedian/tech investor Kevin Hart and Fabletics’ Adam Goldenberg for Retail is in the Details. They’ll talk about the company’s future and the type of tech Hart may invest in next (9:05 a.m. – 9:30 a.m.).

Everybody loves robots, but not many people know more about them than Boston Dynamics’ Robert Playter. You’ll find him on the Disrupt Stage talking about the company’s transition from robotics research to commercial production. Don’t miss Putting Robots to Work (10:00 a.m. – 10:20 a.m.)

We trust you haven’t missed a minute of the always-thrilling Startup Battlefield pitch competition. Still, a reminder never hurts. Session four takes place on the Disrupt Stage. Don’t miss watching today’s cohort lay it all on the line for a shot at $100,000 (10:40 a.m. – 11:45 a.m.).

Okay folks this session, Under the Radar, is a big, big deal. Legendary VC and Silicon Valley force of nature, Benchmark’s Peter Fenton joins us on the Disrupt Stage for a rare interview. Topic? The future of startups and venture capital (11:45 a.m. – 12:05 p.m.).

Head to the Extra Crunch Stage for product development tips from current and former product heads at places like Facebook, Zoom, Slack, Hulu and Oculus. Zoom’s Oded Gal, Advisor’s Eugene Wei, Slack’s Tamar Yehoshua and Inspirit’s Julie Zhuo will discuss How to Iterate Your Product (11:50 a.m. – 12:45 p.m.).

Data security is everyone’s concern — from budding startup founders all the way up to the NSA. Don’t miss Spycraft and Cybersecurity and the opportunity to hear Anne Neuberger, head of the NSA’s new Cybersecurity Directorate. She’ll take to the Disrupt Stage and discuss cyber threats, disrupting foreign adversaries and helping you improve your own cybersecurity (1:00 p.m. – 1:20 p.m.).

Whew, that rundown should whet your appetite for the day ahead. Connect, inspire, collaborate and take advantage of all the tips, advice, tools and opportunity Disrupt 2020 offers.

Still standing on the sidelines? You have two full days left to Disrupt and reject regret. Buy a Disrupt pass right now.

Powered by WPeMatico

Cyber threat startup Cygilant hit by ransomware

Cygilant, a threat detection cybersecurity company, has confirmed a ransomware attack.

Christina Lattuca, Cygilant’s chief financial officer, said in a statement that the company was “aware of a ransomware attack impacting a portion of Cygilant’s technology environment.”

“Our Cyber Defense and Response Center team took immediate and decisive action to stop the progression of the attack. We are working closely with third-party forensic investigators and law enforcement to understand the full nature and impact of the attack. Cygilant is committed to the ongoing security of our network and to continuously strengthening all aspects of our security program,” the statement said.

Cygilant is believed to be the latest victim of NetWalker, a ransomware-as-a-service group, which lets threat groups rent access to its infrastructure to launch their own attacks, according to Brett Callow, a ransomware expert and threat analyst at security firm Emsisoft .

The file-encrypting malware itself not only scrambles a victim’s files but also exfiltrates the data to the hacker’s servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.

A site on the dark web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant.

Cygilant did not say if it paid the ransom. But at the time of writing, the dark web listing with Cygilant’s data had disappeared.

“Groups permanently delist companies when they’ve paid or, in some cases, temporarily delist them once they’ve agreed to come to the negotiating table,” said Callow. “NetWalker has temporarily delisted pending negotiations in at least one other case.”

Powered by WPeMatico

A SonicWall cloud bug exposed corporate networks to hackers

A newly discovered bug in a cloud system used to manage SonicWall firewalls could have allowed hackers to break into thousands of corporate networks.

Enterprise firewalls and virtual private network appliances are vital gatekeepers tasked with protecting corporate networks from hackers and cyberattacks while still letting in employees working from home during the pandemic. Even though most offices are empty, hackers frequently look for bugs in critical network gear in order to break into company networks to steal data or plant malware.

Vangelis Stykas, a researcher at security firm Pen Test Partners, found the new bug in SonicWall’s Global Management System (GMS), a web app that lets IT departments remotely configure their SonicWall devices across the network.

But the bug, if exploited, meant any existing user with access to SonicWall’s GMS could create a user account with access to any other company’s network without permission.

From there, the newly created account could remotely manage the SonicWall gear of that company.

In a blog post shared with TechCrunch, Stykas said there were two barriers to entry. Firstly, a would-be attacker would need an existing SonicWall GMS user account. The easiest way — and what Stykas did to independently test the bug — was to buy a SonicWall device.

The second issue was that the would-be attacker would also need to guess a unique seven-digit number associated with another company’s network. But Stykas said that this number appeared to be sequential and could be easily enumerated, one after the other.

Once inside a company’s network, the attacker could deliver ransomware directly to the internal systems of their victims, an increasingly popular tactic for financially driven hackers.

SonicWall confirmed the bug is now fixed. But Stykas criticized the company for taking more than two weeks to patch the vulnerability, which he described as “trivial” to exploit.

“Even car alarm vendors have fixed similar issues inside three days of us reporting,” he wrote.

A SonicWall spokesperson defended the decision to subject the fix to a “full” quality check before it was rolled out, and said it is “not aware” of any exploitation of the vulnerability.

Powered by WPeMatico

Decrypted: Tesla’s ransomware near miss, Palantir’s S-1 risk factors

Another busy week in cybersecurity.

In case you missed it: A widely used messaging app used by over a million protesters has several major security flaws; a little-known loophole has let the DMV sell driver’s licenses and Social Security records to private investigators; and the U.S. government is suing to reclaim over $2.5 million in cryptocurrency stolen by North Korean hackers from two major exchanges.

But this week we are focusing on how a Tesla employee foiled a ransomware attack, and, ahead of Palantir’s debut on the stock market, how much of a risk factor is the company’s public image?


THE BIG PICTURE

Russian charged with attempted Tesla ransomware attack

$1 million. That’s how much a Tesla employee would have netted if they accepted a bribe from a Russian operative to install malware on Tesla’s Gigafactory network in Nevada. Instead, the employee told the FBI and the Russian was arrested.

The Justice Department charged the 27-year-old Russian, Egor Igorevich, weeks later as he tried to flee the United States. According to the indictment, his plan was to ask the employee to deliberately deploy ransomware on the Gigafactory’s network, grinding the network to a halt for a ransom of several million dollars. The would-be insider threat is likely the first of its kind, one ransomware expert told Wired, as financially driven hackers continue to up their game.

Tesla founder Elon Musk tweeted earlier this week confirming that Tesla was the target of the failed attack.

The attack, if carried out, could have been devastating. The indictment said that the malware was designed to extract data from the network before locking its files. This data-stealing ransomware is an increasing trend. These hacker groups not only encrypt a victim’s files but also exfiltrate the data to their servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.

Powered by WPeMatico

Decrypted: DEA spying on protesters, DDoS attacks, Signal downloads spike

This week saw protests spread across the world sparked by the murder of George Floyd, an unarmed Black man, killed by a white police officer in Minneapolis last month.

The U.S. hasn’t seen protests like this in a generation, with millions taking to the streets each day to lend their voice and support. But they were met with heavily armored police, drones watching from above, and “covert” surveillance by the federal government.

That’s exactly why cybersecurity and privacy is more important than ever, not least to protect law-abiding protesters demonstrating against police brutality and institutionalized, systemic racism. It’s also prompted those working in cybersecurity — many of which are former law enforcement themselves — to check their own privilege and confront the racism from within their ranks and lend their knowledge to their fellow citizens.


THE BIG PICTURE

DEA allowed ‘covert surveillance’ of protesters

The Justice Department has granted the Drug Enforcement Administration, typically tasked with enforcing federal drug-related laws, the authority to conduct “covert surveillance” on protesters across the U.S., effectively turning the civilian law enforcement division into a domestic intelligence agency.

The DEA is one of the most tech-savvy government agencies in the federal government, with access to “stingray” cell site simulators to track and locate phones, a secret program that allows the agency access to billions of domestic phone records, and facial recognition technology.

Lawmakers decried the Justice Department’s move to allow the DEA to spy on protesters, calling on the government to “immediately rescind” the order, describing it as “antithetical” to Americans’ right to peacefully assembly.

Powered by WPeMatico

RiskIQ adds National Grid Partners as securing data becomes a strategic priority for utilities

RiskIQ, a startup providing application security, risk assessment and vulnerability management services, has added National Grid Partners as a strategic investor. 

The funding from the investment arm of National Grid, a multinational energy provider, is part of a $15 million new round of financing designed to take the company’s technology into critical industrial infrastructure — with National Grid as a point of entry.

More than 6,000 companies use the company’s services, and the roster list and technology on offer has attracted some of the biggest names in investing, including Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.

“We view NGP’s show of support as an incredible opportunity to help customers in new markets thrive as their attack surfaces expand outside the firewall, especially now amid the COVID-19 pandemic,” RiskIQ chief executive Lou Manousos said in a statement. 

RiskIQ has spent the past 10 years spidering the internet looking for all of the exploits that hackers use to penetrate networks and have built that into a database of threats. This inventory gives the company an ability to identify which assets within a company present the most obvious threats. Its automated services constantly scan third-party code, internet-connected devices and mobile applications for potential vulnerabilities, the company said.

As a staple platform in their core security environment, our cyber threat analysts use RiskIQ regularly to enrich and identify incoming threats,” said Lisa Lambert, president of National Grid Partners and chief technology and innovation officer of National Grid, in a statement.

National Grid’s investment is a piece of a deeper partnership that will see NGP providing strategic advice for the security company as it looks to expand its commercial operations among industrial and utility customers.

 

Powered by WPeMatico

Decrypted: iOS 13.5 jailbreak, FBI slams Apple, VCs talk cybersecurity

It was a busy week in security.

Newly released documents shown exclusively to TechCrunch show that U.S. immigration authorities used a controversial cell phone snooping technology known as a “stingray” hundreds of times in the past three years. Also, if you haven’t updated your Android phone in a while, now would be a good time to check. That’s because a brand-new security vulnerability was found — and patched. The bug, if exploited, could let a malicious app trick a user into thinking they’re using a legitimate app that can be used to steal passwords.

Here’s more from the week.


THE BIG PICTURE

Every iPhone now has a working jailbreak

Powered by WPeMatico