Plus: Microsoft claims it has patched a security bug known as Shadow Coerce
| Part of  Network | |
 Presented by  |
 Famous hotel chain Marriott has stated that it has been breached by hackers. An employee of the company was hacked, leading to a possible customer data leak. More: - The threat actor is unknown at this point, but it is reported that it has been active for at least five years.
- Hackers used social engineering as their threat vector, convincing an employee to use their computers. The hacker may have managed to gain access through links that look similar to the ones Marriott usually sends.
- The threat actor claims that they've stolen information such as the names of guests, details about their visits, credit card numbers, etc., while Marriott has denied the claims. The company stated that no severe customer information theft happened during the attack.
Zoom Out: - Marriott has been breached twice before. The famous hotel chain was first breached in 2018 when 500 million customers had their data leaked.
- In 2020 the hotel was hacked again, this time seeing the data of over 5 million customers be accessed and used by threat actors.
| |
 U.S. agency NIST has deployed four algorithms that could protect against attacks by quantum computers. The algorithms will now be used as a part of NIST's cryptographic defense protocol. More: - The National Institute of Standards and Technology has chosen the group of algorithms intending to protect U.S. data from potential hackers who may want to utilize the power that quantum computers have to breach the country's systems.
- NIST will use the Crystals-Kaber algorithm in order to protect its general online services, while fully deploying the new four algorithms will take two years.
- The Institute is considering at least four more algorithms to add to its defensive cyber arsenal. NIST chose three different algorithms to help deal with digital signatures. The concept of digital signatures is not new but has developed in recent years into a full-fledged replacement for physical signatures. The Institute chose CRYSTALS-Dilithium, Falcon, and Sphincs.
Zoom Out: - Quantum computing is one of the fields that is expected to play a huge role in shaping the future of technology. The U.K. government recently announced its plans to become a power in quantum computing by allocating over $1B for the field.
- Australia also is counting on this technology to improve its economy and industrial production capabilities.
| |
 A message from CAPACITY Chatbots are changing (for the better) Customers have a lot of questions, and they expect instant and accurate responses. To give them the support they expect, businesses are flocking to AI chatbots that are on call 24/7/365. - 3 out of 4 of consumers cite chatbots as their preferred method of communication with a business.
- On average, chatbots cut customer service costs by 30% or more.
- Almost 65% of consumers cite 24/7 availability as their top reason for preferring chatbots.
See Capacity in action
| |
 Google has released a new patch for a new zero-day vulnerability that appeared on Google Chrome. The bug is being tracked as CVE-2022-2294. More: - The bug targets the computer's memory system. Essentially, the flaw looks to override the device by creating more computations than the device can handle.
- If the attack is successful, the hacker may gain remote access to the victim's device or shut it down through DDoS attacks.
- Google stated that it remains cautious about the fact that an exploit for the bug is still circulating among threat actors.
- The company has released new updates for Windows, macOS, and Android devices.
Zoom Out: - The report comes a few weeks after Android and Ios devices were hacked by Italian spyware.
- Google stated that it recently stopped over 30 attacks in a week. The cyberattacks were coordinated by hacker groups that are backed by hostile governments around the world.
| |
 Microsoft has fixed a security flaw that allowed hackers to take control of Windows domains. The company did not release an official statement, but its recent updates show that the bug will be addressed. More: - Tracked as ShadowCoerce, the bug took advantage of accounts in which MS-FSRV is activated. The tool is used to create copies of a specific file and share those copies in the same network.
- By managing to breach a target, hackers could take control of the Windows domain on which the network depends. This can pose a risk for all the devices that are connected to the same network or use the same domain.
- Users can access options in their admin tools and turn this option off, reducing the risk. Microsoft claims that the issue has been patched with the newly released updates.
Zoom Out: - Microsoft launched its cybersecurity services division this year, claiming that this division is the company's highest growing one.
- CISA recently warned federal agencies to patch Microsoft bugs that can potentially endanger security matters in the U.S.
- The company has been a victim of many breaches this year due to numerous bugs. At one point, hackers during a hackathon managed to breach Microsoft's products hundreds of times within one session.
- Thousands of Microsoft users were victims of data theft caused by a hacker group believed to be Chinese state-backed.
| |
 Cybersecurity company watchTowr raised an $8M pre-series A round. The Singapore-based startup's round was led by Prosus Ventures and Vulcan Capital. More: - watchTowr provides a software solution that allows a company to see its security from the perspective of a hacker, highlighting its technology.
- According to the company, its solution has helped companies avoid powerful malware such as ProxyShell and Log4Shell. Proxyshell is a hacking campaign that relies on a Microsoft security bug. Microsoft's web server has been manipulated by threat actors who have used the personal data stored there to launch attacks against individuals.
- The company stated that it wants to use the funds to expand its portfolio, while cybersecurity investments, in general, have recently seen a drop.
- Log4shell is malware that has been used by threat actors for several months. It has been active in numerous countries, with CISA warning of the malware multiple times. Companies such as NVIDIA have also been affected by this hacking campaign. The bug has caused public institutions such as the FTC to publicly demand that organizations do not ignore security update advice.
| |
Quick Hits: - End your expense reporting nightmares; get $100 to see how dreamy it can be.
- Israel has signed an agreement with Boeing. The deal will help Boeing increase its capabilities in defense while also promoting cyber defense in the aviation industry in general.
- Globe Telecom has partnered with Union Bank to combat scams and have a faster process of exchanging information with each other. The Telecom company's customers have been hit by many scamming attempts.
- Several cybersecurity researchers have stated that Microsoft may want to improve its cybersecurity business by using citations that are not backed up by scientific sources.
*This is a sponsored post.
| |
Upcoming events at Inside:
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford. | |
Capacity is a secure, AI automation platform that helps orgs scale and automate support. | |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2022 Inside.com | |
| |
