The FBI and MI5 warned that China is spying on companies and aiming to steal intellectual property. The two agencies made the statements in a joint conference.

More:
- The conference was held by FBI Director Christopher Wray and MI5 Director Ken McCallum, marking the first time they did so.
- According to the agencies, China is spying on companies of all sizes, ranging from Fortune 100 companies to startups across all sectors. The country is using cyberattacks to gain unauthorized access to different systems across the U.S. and U.K.
- The remarks were made in front of numerous business leaders, where the two agencies warned that China aims to steal as much intellectual property as it possibly can because it wants to have leverage in case of possible sanctions.
- This warning comes only a few days after China heavily criticized President Biden's statement that the U.S. would protect Taiwan with its military in case of conflict.

Zoom Out:
- Chinese companies have conducted numerous breaches against U.S. companies in the past, while the war in Ukraine has made cyber-warfare a reality that countries are consistently dealing with.

North Korean hackers are attacking the U.S. healthcare system, according to CISA. The threat actor is using ransomware tracked as Maui.

More:
- The ransomware is targeting health records, diagnostics services, imaging services, etc. The data stolen from this attack could be abused for individual reasons, but it is usually not stolen and sold for profit.
- Maui ransomware targets individual files and is encrypted multiple times over, making it difficult for victims to have any hope of recovering their lost files.
- While the exact hospitals were not publicized by CISA, it is known that over 60% of US healthcare organizations have agreed to pay some type of ransom, while only 2% of them have ever received their entire data back.

Zoom Out:
- Only a few days ago, an accounting company named Greeley was cyber-attacked by unknown threat actors. The company manages processes for hundreds of U.S. hospitals.
- Shields Health Care Group was hacked a few months ago, leading to the potential leak of data on more than 2 million U.S. citizens.

Snap has hired the previous director of the U.S. Secret Service, James Murray. He will be the company's Chief Security Officer.

More:
- James Murray became the director of the U.S. Secret Service in 2019, and his mandate will last until the end of July 2022.
- Murray will report directly to CEO Evan Spiegel.
- He has denied allegations that his departure from the Secret Service is related to the recent controversy, which had led to numerous members of the service being called upon to testify in front of the U.S. Senate regarding the Capitol incident on Jan. 6, 2021.
- His responsibilities at Snap will include working with law authorities whenever needed, helping protect Snap employees from digital security threats, helping the company implement the best security protocols, etc.

Apple introduced a new feature that aims to protect users from hackers. The feature is called Lockdown Mode, and the company has described it as useful in extreme situations.

More:
- The feature comes at a time when spyware is being used more than ever by hacker groups and state-backed threat actors.
- The feature will be available for iOS 16, macOS Ventura, and iPadOS 16.
- Apple's Lockdown Mode will affect Messages, Browsing, Services, etc. Messages will be limited to text only, without the ability to include attachments in most cases. Users will be able to include a website in their safe list on their own, while Apple will automatically categorize websites as untrusted initially.
- The company will give multiple rewards to those who are able to find bugs in the system. Apple aims to improve the new feature consistently, stating that it will give up to $2M as a bounty reward. The figure represents the largest in the industry.
- Apple will also give a $10M grant to support organizations that report on spyware, including those that are created and/or backed by governments.

Zoom Out:
- Spyware such as Pegasus, created by the Israeli NSO, has caused controversy. While its initial purpose of creation was to disrupt criminal activity, several actors have stated that the software has become a monitoring tool for political figures and militaries.
- This spyware has been used to spy on numerous foreign actors, including high-ranking EU officials.

Cybersecurity startup Swimlane raised a $70M Series C funding round. The round was led by Activate Capital as the company seeks to expand globally.

More:
- The company aims to help other companies, ranging from corporate to startups, build their cybersecurity capabilities by automating certain parts that pose too much of a financial and administrative challenge.
- Realizing the current employee gap in the cybersecurity field, Swimlane is betting that companies will pay a premium even during an economic downturn to have their data securely processed and saved.
- The company is able to release updates regularly through its cloud products as well as physically, while it has 180 employees so far. Swimlane stated that it aims to increase the number in the near future, but it also plans to go public in a five-year window.

Zoom Out:
- Cybersecurity startups have raised record amounts of money this year, even during an economic downturn. The cause may be that companies have realized the importance of having good cybersecurity protocols in place after the war in Ukraine.

Quick Hits:
- A new cryptocurrency hacking campaign has been noticed, targeting JavaScript's NPM repository. NPM is the base package manager used by more than 11 million users who utilize Node.js.
- Cisco has released 10 updates for a list of security vulnerabilities in systems. The list includes one bug that had a ranking of high severity.
- Multiple websites have been targeted with fake Yandex forms through which threat actors are spreading malware. Yandex is the most popular search engine in Russia, raising the issue of a possible connection between TA578 and the country's authorities.
- Microsoft has retracted its decision to remove VBA macros for reasons unknown so far. VBA macros use Visual Basic Apps to trick Microsoft users into downloading malware-infected files.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.