CyberSecurity Updates

Acquisition Chatter Swirls Around SentinelOne, BlackBerry

Prominent anti-malware vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter, underscoring a clear signal of impending consolidation in cybersecurity. According to published reports, private equity firm Veritas Capital is in early talks to acquire BlackBerry, the venerable tech firm that acquired Cylance and reinvented itself as a cybersecurity vendor. Neither Veritas nor BlackBerry has commented on the reports, which say Veritas is interested in acquiring all of the Canadian company, while…

Kroll Employee SIM-Swapped for Crypto Investor Data

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack…

S3 Ep149: How many cryptographers does it take to change a light bulb?

by Paul Ducklin. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. DOUG. Leaky light bulbs, WinRAR bugs, and “Airplane mode, [HIGH RISING TONE] question mark?”…

In Other News: Africa Cybercrime Crackdown, Unpatched macOS Flaw, Investor Disclosures

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw

The North Korea-linked advanced persistent threat (APT) actor Lazarus Group has been observed exploiting a Zoho ManageEngine vulnerability to compromise an internet backbone infrastructure provider in Europe, Cisco’s Talos security researchers report. The attack occurred in early 2023, roughly five days after proof-of-concept (PoC) exploit code targeting the ManageEngine flaw, which is tracked as CVE-2022-47966 (CVSS score of 9.8), was published. Identified in the Apache xmlsec (XML Security for Java) third-party dependency, the issue can…

Cypago Raises $13 Million for GRC Automation Platform

Israeli startup Cypago on Thursday announced that it has raised $13 million in a funding round led by Entrée Capital, Axon Ventures, and Jump Capital, with participation from various angel investors. Founded in 2020, the Tel Aviv-based company also launched its governance, risk management and compliance (GRC) automation (CGA) platform, which aims to bring management, security, and operations together. Combining a SaaS architecture with advanced analysis and correlation, generative AI, and automation, the platform helps…

CISA’s VDP Platform 2022 Annual Report Showcases Success

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This report showcases how agencies have used the VDP Platform—launched in July 2021—to safeguard the FCEB and support risk reduction. The VDP platform gives federal agencies a single, user-friendly interface to intake vulnerability information and to collaborate with the public researcher community for…

Using WinRAR? Be sure to patch against these code execution bugs…

by Paul Ducklin. The venerable RAR program, short for Roshal’s Archiver after its original creator, has been popular in file sharing and software distribution circles for decades, not least because of its built-in error recovery and file reconstruction features. Early internet users will remember, with little fondness, the days when large file transfers were shipped either as compressed archives split across multiple floppy disks, or uploaded to size-conscious online forums as a series of modestly-sized…
