Information

09 Feb

ESET Threat Report T3 2022

Information

A view of the T3 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts In 2022, an unprovoked and unjustified attack on Ukraine shocked the world, bringing devastating effects on the country and its population. The war continues to impact everything from energy prices and inflation to cyberspace, which ESET researchers and analysts have monitored extensively throughout the year. Among the effects seen in cyberspace,…

Read More
09 Feb

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

Information

by Paul Ducklin CAN YOU GET HACKED AND THEN PROSECUTED FOR IT? Cryptocurrency crimelords. Security patches for VMware, OpenSSH and OpenSSL. Medical breacher busted. Is that a bug or a feature? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and…

Read More
09 Feb

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Information, Insights

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “Trickbot,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. Initially a stealthy trojan…

Read More
09 Feb

VulnCheck Raises $3.2M Seed Round for Threat Intel

Information, News

VulnCheck, a Massachusetts startup with ambitious plans in the vulnerability intelligence space, has attracted $3.2 million in seed-stage funding from several prominent investors. The early-stage financing round was led by Sorensen Ventures and included equity stakes for In-Q-Tel, Lux Capital, and Aviso Ventures. Based in Lexington, Mass., VulnCheck is building technology that promises exploit intelligence for vulnerability prioritization and an early-warning system for in-the-wild software exploitation activity. Founded in 2021, VulnCheck is the brainchild of…

Read More
08 Feb

OpenSSL fixes High Severity data-stealing bug – patch now!

Information

by Paul Ducklin OpenSSL, probably the best-known if not the most widely-used encryption library in the world, has just release a trifecta of security updates. These patches cover the two current open-source versions that the organisation supports for everyone, plus the “old” 1.0.2-version series, where updates are only available to customers who pay for premium support. (Getting into a position where you no longer need to pay for support is probably better for you, even…

Read More
08 Feb

Skybox Security Raises $50M, Hires New CEO

Information, News

Skybox Security, a late-stage California startup in the security analytics space, has closed a $50 million financing round and hired a new chief executive. The San Jose company announced Wednesday that former Digital Guardian CEO Mordecai (Mo) Rosen will take the reins at Skybox and manage the company through a new financing round that brings the total raised to $335 million. The private equity-backed Skybox said investors in the latest round include CVC Growth Funds,…

Read More
07 Feb

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Information, Insights

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack. The new docuseries produced by ABC News Studios and Wall to Wall Media…

Read More
07 Feb

Online safety laws: What’s in store for children’s digital playgrounds?

Information

As children’s safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm Tomorrow is Safer Internet Day (SID), an annual awareness campaign that started in Europe in 2004 and that aims to highlight the need for people to enjoy the benefits of the internet while mitigating their exposure to online risks. Now in its 20th edition, SID has evolved into a landmark…

Read More
07 Feb

VMWare user? Worried about “ESXi ransomware”? Check your patches now!

Information

by Paul Ducklin Cybersecurity news, in Europe at least, is currently dominated by stories about “VMWare ESXi ransomware” that is doing the rounds, literally and (in a cryptographic sense at least) figuratively. CERT-FR, the French government’s computer emergency response team, kicked off what quickly turned into a mini-panic at the tail end of last week, with a bulletin entitled simply: Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi (Cyberattack exploiting a VMWare ESXi vulnerability). Although the…

Read More
07 Feb

Software Supply Chain Security Firm Lineaje Raises $7 Million

Information, News

Software supply chain security startup Lineaje today announced that it has raised $7 million in a seed funding round led by Tenable Ventures. Dreamit Ventures and Veear Capital also participated in the investment round, along with various angel investors. Founded in 2021, the Saratoga, California-based company helps organizations secure their software supply chain, regardless of whether they are the developers, suppliers, or users of software. Lineaje’s SB0M360 software supply chain management solution can identify all…

Read More