Plus: Microsoft has tracked an updated variant of FoggyWeb
| Part of  Network | |
 Presented by  |
 Hackers created an AI hologram of Binance's Chief Communications Officer, managing to scam numerous companies and cybersecurity researchers. The executive was made aware of the deepfake after multiple people thanked him for what they believed were his consulting services. More: - The hacking campaign was announced by Binance in a blog post.
- Hackers reportedly used previous interviews that Patrick Hillman, CCO at Binance, had given.
- Hillman received numerous messages from people who thanked him for advice on Binance listings. Hillman stated that this served as a warning for him because he does not have access to listings.
- A friend of the executive alerted him to the fact that someone had created a hologram of him using artificial intelligence.
- The threat actor responsible for the hacking campaign is unknown at this point, but the company warned its users to utilize safety measures such as Binance Verify.
| |
 The threat actors who breached Twilio have also breached over 130 different targets. Hackers are using phishing as a threat vector. More: - Other companies affected by the hack include MailChimp, Cloudflare, and Klaviyo.
- The hacking campaign revolves around a phishing tool tracked as "oktopus."
- The tool has been used to steal over 9,000 log-in credentials so far.
- Hackers send SMS messages to their targets, convincing them that they are using an identity verification platform service known as Okta.
| |
 A message from QUANTUM Avoid Paying a Ransom - Get the Ultimate Backup Guide Before You Need It Paying a ransom may sound like the best case scenario: get your data back, make your customers feel worth it. But actually, it can affect your business in other ways and may, in some cases, be illegal. Make sure your systems are protected across the entire data lifecycle - and never pay a ransom again. You’re able to balance cost while maximizing efficiency. No one can stop ransomware or fully prevent it from taking place - but you can make sure you’re protecting your customers and your data by ensuring that there is a fully air-gapped solution. Request A Demo
| |
 Researchers have tracked malware targeting South Korean diplomats. The North-Korean-backed threat actor Kimusky has been linked as the possible attack originator. More: - Kimsuky is also known as Black Banshee, Thallium, and Velvet Chollima.
- Researchers have named the malware GoldDragon.
- The malware is also targeting South Korean university professors, think tank researchers, and government officials.
- Once a user engages with a malicious link or malware-infected Microsoft Office document, the malware drops a Visual Basic script from a remote server that can fingerprint and extract data from private servers.
- Kimsuky has been active at least since 2012, stealing data from institutions such as the Korea Hydro and Nuclear Power, the Korean Atomic Energy Research Institute, etc.
| |
 Microsoft has tracked a new malware that could be exploited by a threat actor known as Nobelium. The malware is being tracked as Magic Web. More: - Magic Web derives from a flaw previously known as FoggyWeb.The latter was capable of exfiltrating the configuration database of compromised ADFS servers and decrypting token-signing and token-decryption certificates.
- Unlike Foggy Webb, the new variant can manipulate authentication certificates.
- Nobelium is believed to have been involved in breaching SolarWinds, a software company that provided important technology for the U.S. government. The breach raised concern over the long-term effect it would have on national security and overall tactical capabilities.
| |
 A message from SECURITY COMPASS Current approaches to software threat modeling simply don’t work. They are manual, inconsistent, take too long, don’t scale, and don’t give developers what they need. When software security and compliance are considered more as an afterthought, rather than a vital step in the development process, organizations end up trying to remediate security and compliance issues after software has been written, rather than preventing issues in the first place. Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure and compliant software. Empower DevSecOps teams to make software secure and compliant by: - Design through automating threat modeling
- Generating application security requirements
- Providing secure development
- Compliance best practices
The SD Elements platform is the best solution for organizations who: - Need to scalably model software threats
- Identify countermeasures
- Deliver secure and compliant code quickly.
Learn How
| |
 Cyberstarts has closed a $60M fund. The fund will focus on cybersecurity startups and will be officially named Seed fund III. More: - Cyberstarts claims that it saw a weighted annual return to investors of 300%.
- Its portfolio companies raised $2B in 2021, with a combined valuation of $20B, from firms including Sequoia, Greylock, Lightspeed, Index, Insight, Accel, General Atlantic, and many more.
- The company manages around $374M.
- Cyberstarts was founded in 2018 and is based in Israel.
| |
Quick Hits: - Consumers want an instant and personalized content experience. Read How a Cloud-Native CMS Makes Content Delivery Faster and Easier.*
- The Small Business Administration will donate $3M to businesses through delegates from multiple states in the U.S.
- Miami Dade College has received $2M from the Florida Department of Education and the Florida Center for Cybersecurity. The purpose of this donation is to improve its educational capabilities in the field of cybersecurity and incentivize students to enroll in this program.
- Entrepreneurs are claiming that waiting for the funds granted by new cybersecurity legislation has caused them inefficiencies in their business so far and called for a faster evaluation process.
- Give business gifts people actually want without going over budget. Explore our interactive catalog for this year's trends.*
*This is sponsored content.
| |
Upcoming events at Inside: - August 30 - An overview of simulation and cloud tools in embedded software (Register Here) *
- August 31 - AMA with Sophia Amoruso (CEO at Business Class) (Register Here)
- September 07 - AMA with Andrew Gazdecki (Founder of MicroAcquire) (Register Here)
- September 09 - AMA with Jay Ryan (U.S. Federal Government Program Manager at Security Compass) (Register Here)
- September 14 - AMA with Brian Dean (Founder of Backlinko) (Register Here)
- September 21 - AMA with Kristen Ruby (Founder of Ruby Media Group) (Register Here)
- September 28 - Free Access to the Semantic Layer Summit with 30+ Enterprise Data Leaders (Register Here) *
- September 28 - AMA with Leigh-Ann Buchanan (Founder of aīre ventures) (Register Here)
- October 12 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
With Quantum, we shift the focus from accumulating data to making it work for you. | |
Security Compass is on a mission to accelerate software time-to-market while managing risk. | |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2022 Inside.com | |
| |
