 Hackers could have accessed your Ring camera due to a security flaw, according to a new report by researchers. According to Amazon, the security flaw was patched a few months ago. More: - Ring is a home-surveillance camera system that has over 10 million app downloads.
- The security flaw was found in (com.ringapp/com.ring.nh.deeplink.DeepLinkActivity).
- By exploiting further security flaws found in (cyberchef.schlarpc.people.a2z.com), hackers could have convinced users to download a malware app.
- By downloading it, users were redirected to a malicious page that could have stolen their authorization token, which is supposed to be unique to the user who has it.
- Through this token, hackers could then use the session cookie to steal a user's critical information such as their name, last name, address, email, phone number, location, etc.
- Researchers warned Amazon of the flaw on May 1, 2022, while the flaw was then supposedly patched in an update released on May 27.
Zoom Out: - Only a few months ago, a former Amazon employee was convicted of wire fraud and hacking for stealing the data of Capital One customers, which was stored on Amazon Web Services cloud servers.
- In 2018, many customers had their data breached and stolen due to a cyberattack days before Black Friday.
| |
 Google stated that it managed to stop the largest ever HTTPS-based DDoS cyber attack in history. The cyberattack peaked at 46 million requests per second. More: - This hacking attempt happened on Thursday, with threat actors using the Meris botnet as their threat vector.
- The 46 million requests per second tracked in this hacking campaign beat the previous record of 26 million requests per second, a DDoS cyberattack that was stopped by Cloudflare only two months ago.
- This considerable increase shows that threat actors may increase their focus on data providers, driven at least partially by the financial benefits stealing critical data can provide for them.
- Google stated that the attack started at 9:45 a.m. PT with 10,000 requests per second before growing to 100,000 at 9:53 a.m PT. The attack reached its high point of 46 million RPS at 10:18 a.m. PT.
- The cyberattack lasted for 69 minutes. Google tracked 5,256 IP addresses located in 132 countries, almost a third of which were located in Brazil, India, Russia, and Indonesia.
Zoom Out: - Cisco was recently hacked due to a breached Gmail account belonging to an employee.
- The company has also actively supported Ukraine against Russian cyberattacks, claiming that it has disrupted and caught numerous hacking campaigns targeting the country.
| |
 A message from SECURITY COMPASS Current approaches to software threat modeling simply don’t work. They are manual, inconsistent, take too long, don’t scale, and don’t give developers what they need. When software security and compliance are considered more as an afterthought, rather than a vital step in the development process, organizations end up trying to remediate security and compliance issues after software has been written, rather than preventing issues in the first place. Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure and compliant software. Empower DevSecOps teams to make software secure and compliant by design through automating threat modeling, generating application security requirements, and providing secure development and compliance best practices. The SD Elements platform is the best solution for organizations who need to scalably model software threats, identify countermeasures, and deliver secure, compliant code quickly. Get the whitepapers
| |
 The U.S. Cyber Command has concluded its cyber mission in Croatia. The command was sent one month ago with the purpose of helping the country become proactive against possible cyber threats. More: - The operation is part of a larger campaign that is currently active in countries such as Estonia, North Macedonia, Ukraine, Lithuania, and Montenegro.
- This operation aims to help smaller democratic nations that are strategically important to the U.S. develop proactive cybersecurity capabilities. This operation is officially named Hunt Forward.
- The U.S. Cyber Command cooperated with the Croatian Security and Intelligence Agency, specifically its Cybersecurity Operation Centre.
- U.S. officials stated that all of these countries have asked for its assistance.
- This mission was the 35th in total since the program's inception in 2018. Over 50 countries participate in it currently.
| |
 The TA558 hacker group is targeting hotels and travel organizations with ongoing malware attacks. The attacks are focused on Latin America. More: - Researchers believe that the group has been actively trying to exploit security flaws since 2018.
- TA558 has used Loda RAT, Vjw0rm, and Revenge RAT as its threat vectors.
- The group has intensified its phishing activity in 2022, seemingly to take advantage of the fact that people are traveling more as a result of not being constrained by COVID-19 isolation rules. This is especially noticeable by analyzing the countries which the group has targeted.
- TA558 uses phishing emails that contain fake hotel reservations. Once a target clicks on the document, a PowerShell-based script is activated, installing the malware on the specific device.
- If successful, hackers are able to steal information such as full names, email addresses, credit card information, etc.
| |
 A message from QUANTUM Save Your Data Before It Needs Saving - Air-Gapped Protection: Reliable and Cost-Effective Paying a ransom may sound like the best case scenario: get your data back, make your customers feel worth it. But actually, it can affect your business in other ways and may, in some cases, be illegal. Make sure your systems are protected across the entire data lifecycle - and never pay a ransom again. You’re able to balance cost while maximizing efficiency. No one can stop ransomware or fully prevent it from taking place - but you can make sure you’re protecting your customers and your data by ensuring that there is a fully air-gapped solution. Request A Demo
| |
 Cybersecurity startup TXOne Networks has raised a $70M Series B. The round was led by TGVest Capital, which invested $20M. More: - Other participants in the round include KAiA Capital, CDIB Capital Group, CDIB-Innolux L.P., MediaTek, Ta Ya Electric Wire & Cable, Ta Ya Venture Capital, Simplo Technology Group, CHT Security Corporation, and Ash Tower Limited.
- The company stated that it is encouraged by a recent market analysis that claims cybersecurity will become a $32.4B industry by 2027.
- TXOne claims that it has seen 107% revenue growth in 2022 compared to 2021, crediting it to recent geopolitical developments that have raised awareness among companies and governments on the importance of cybersecurity.
- The company, which focuses on verticals such as semiconductor production, medical and pharmaceutical, automobile, aerospace, smart manufacturing, food processing, public transportation, and critical electric infrastructure, aims to double its U.S. staff.
| |
Quick Hits: - Over 12 million balls trust MANSCAPED™ precision tools for their family jewels. Click here to activate 20% off + free shipping sitewide.*
- DoNot Team, a hacker group also known as APT-C-35 and Viceroy Tiger, has been tracked using an updated version of its Jaca malware toolkit. The group usually targets government institutions in India, Pakistan, Sri Lanka, and Bangladesh.
- The infamous Cobalt Strike malware is being spread through new tools such as DarkTortilla Crypter. The latter can infect devices with multiple RATs such as Agent Tesla, AsyncRat, NanoCore, and RedLine Stealer.
- Researchers have tracked Red Alpha as the hacker group responsible for a recent hacking campaign that affected think tanks, governments, and humanitarian organizations. The group's main activity is cyber espionage.
- Hook Security has received an undisclosed Series A investment from TampaBay.Ventures.
- Trying to deliver on big expectations with a small team or budget? Use this worksheet to learn how you can do more with less.*
*This is sponsored content.
| |
Upcoming events at Inside: - August 24 - AMA with Matt Mahar (CEO at Cana) (Register Here)
- August 31 - AMA with Sophia Amoruso (CEO at Business Class) (Register Here)
- September 07 - AMA with Andrew Gazdecki (Founder of MicroAcquire) (Register Here)
- September 09 - AMA with Jay Ryan (U.S. Federal Government Program Manager at Security Compass) (Register Here)
- September 14 - AMA with Brian Dean (Founder of Backlinko) (Register Here)
- September 21 - AMA with Kristen Ruby (Founder of Ruby Media Group) (Register Here)
- September 28 - AMA with Leigh-Ann Buchanan (Founder of aīre ventures) (Register Here)
- October 12 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass is on a mission to accelerate software time-to-market while managing risk. | |
With Quantum, we shift the focus from accumulating data to making it work for you. | |
