China has accused the U.S. of carrying out a cyberattack campaign. The NSA allegedly conducted the campaign. More: - The Chinese government accused the U.S. of attacking Northwestern Polytechnical University in June 2022.
- Chinese authorities claim that a specific department in the NSA, known as the Office of Tailored Access Operations, is responsible for the breach. The hacking campaign allegedly comprised tens of thousands of cyberattacks.
- NSA may have stolen up to 140GB worth of data by using multiple zero-day flaws.
- The threat vectors through which the breach may have happened are Open Trojans and DDoS attacks.
Zoom Out: - China has targeted U.S. organizations with hacking campaigns numerous times. In Operation Aurora, Chinese threat actors targeted Yahoo, Morgan Stanley, Symantec, and other companies with the purpose of stealing data.
- Researchers and government officials have claimed that China interfered with U.S. elections in 2016 and 2018.
- The U.S. Office of Personnel Management was hacked in 2015 by China-backed threat actors, with over 20 million people having their data stolen.
| |
Apple has fixed a bug that was used to hack iPhones and Macs. The company claims the bug may have been exploited by hackers. More: - This bug is tracked as CVE-2022-32917.
- The flaw could have allowed hackers to gain unauthorized access and privileges to the following devices:
- iPhone 6s and later,
- Pad Pro (all models),
- iPad Air 2 and later,
- iPad 5th generation and later,
- iPad mini 4th generation and later,
- iPod touch 7th generation,
- and Macs running macOS Big Sur 11.7 and macOS Monterey 12.6.
- This case represents the eighth security flaw that Apple has patched this year alone. Other flaws that the company has patched include:
- Apple has recommended that all users update their software to the latest iOS 15.7 version to avoid being breached.
| |
 A message from SECURITY COMPASS This is your show developers! Come and interact with our panel through questions or advice on how we can all improve developer-centric threat modeling. What to expect: Earlier this year, Security Compass ran a survey that probed the mind of developers. During this webinar, we'll be discussing our findings with security experts who live in the developer and threat modeling space. What you will learn: - The connection between developer user stories or requirements, coding, and threat modeling.
- How to keep up with the ongoing discovery of software weaknesses.
- Practical advice for developers is to stay current on threat modeling practices.
When: September 14, 2022, at 11am EST Whether you are a developer, lead, architect, or thread modeler, this webinar will leave you with something to think about. Register Here
| |
An Iranian threat actor tracked as APT42 is believed to have launched over 30 hacking campaigns. The group has carried out the attacks since 2015. More: - According to researchers, the group is boosted by the support it has from the Iranian government.
- APT42 is also believed to be collaborating with APT35, a threat actor known for breaching HBO and numerous government officials.
- The group uses social hacking to gain access to log-in credentials. This method enables the group to avoid detection by breaching systems with brute-force attacks. Members of APT42 are believed to impersonate journalists as a way of gaining credibility.
- The threat actor uses Android malware such as Vinethorn. This malware can gain access to microphones, chat history, media galleries, etc.
Zoom Out: - Only a few days ago, the U.S. announced new sanctions against Iran, as the country launched numerous attacks against U.S. allies, including a cyberattack against Albania. This hacking campaign shut down E-Albania, the country's national digital document infrastructure.
- Albania has cut all diplomatic ties with Iran as a result of this breach.
- Iranian hackers are believed to have used the most ransomware tools in 2021, causing an 82% increase in the use of this tool.
| |
Cybersecurity startup EasyDMARC has raised a $2.3M Seed round. The company offers a software solution that aims to be a one-stop shop for email protection. More: - The funding round was led by Acrobator Ventures with participation from Formula VC fund.
- EasyDMARC aims to use the funding to expand its product range and increase market share.
- Company officials stated that out of the 33 billion emails sent every day, 93% are spam, while most cyberattacks are carried out as phishing emails.
- EasyDMARC stated that it has over 30,000 clients from 130 countries. Its client list includes Ferrari, Panasonic, Tel Aviv Stock Exchange, SimilarWeb, Florida State University, etc. The software has 80,000 Monthly Active Users, and 10,000 domains are checked every day.
- The company claims the product has prevented over 82 million cyberattacks in only five years.
| |
 A message from QUANTUM Effective and Reliable Data Storage Protection that Scales on Your Terms and Budget Data recovery is possible across the entire lifecycle - and air-gapped protection is both the safest and the lowest TCO. Successful Ransomware attacks can take months to fully recover from - especially when targeted campaigns wipe out clusters of servers. So why not choose a solution that protects and recovers at any point in your data’s lifecycle? With different tiers, you’re able to ensure availability of data without compromise. You’re able to balance cost while maximizing efficiency. No one can stop ransomware or fully prevent it from taking place - but you can make sure you’re protecting your customers and your data by ensuring that there is a fully air-gapped solution. Request A Demo
| |
A hacker group known as GhostSec has breached several Israeli organizations. The group claims it represents a politically driven ideology. More: - The group claims it has breached over 55 Berghof programmable logic controllers.
- PLCs are used in manufacturing and represent a crucial technology aspect of the production chain.
- GhostSec is a group that has been active since 2015. Recently, GhostSec publically stated its support for Ukraine against Russia and launched hacking campaigns against the latter.
- Besides this attack, GhostSec claims it has also gained access to water systems in Israel, claiming that it could've changed chlorine and pH levels but chose not to do so to protect innocent citizens.
Zoom Out: - Israel has been the target of numerous cyberattacks this year. In early 2022, many government websites were hit with DDoS attacks meant to overload their servers.
- The U.S. has recently exchanged information with Israel on a number of cybersecurity-related events. The two countries are reportedly helping each other with information as a way of preventing imminent cyberattacks that may come from foreign state-backed threat actors.
| |
Quick Hits: - Join ClickUp For Startups to scale success with hands-on support and free resources. Qualifying startups get $3,000 in credit.*
- Google has acquired cybersecurity company Mandiant for $5.4B.Mandiant is a cyber intelligence company that claims access to millions of data points from hacking campaigns that occur every day. The company's services will be combined with Google Cloud.
- A new report shows that industry executives believe the lack of cybersecurity skills increases the risk of being breached. Executives in France are the most concerned with this topic, as 81% of respondents gave this answer.
- FBI teams in Albaquerque are training local businesses on the best security hygiene practices with the intention of helping them avoid possible breaches.
- CyberIoQ, a financial industry security services provider, has reached a partnership agreement with Pannovate. The latter is a fintech platform.
*This is sponsored content.
| |
Upcoming events at Inside: - September 14 - What Do Developers Think of Threat Modeling? (feat. security experts from Security Compass, Dell, and Tricentis) (Register Here) *
- September 14 - AMA with Brian Dean (Founder of Backlinko) (Register Here)
- September 21 - Hired's Navigating Market Uncertainty: The State of Tech Hiring Webinar (Register Here) *
- September 21 - AMA with Kristen Ruby (Founder of Ruby Media Group) (Register Here)
- September 28 - AMA with Leigh-Ann Buchanan (Founder of aīre ventures) (Register Here)
- October 05 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here)
- October 12 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Register to learn What Do Developers Think of Threat Modeling? | |
With Quantum, we shift the focus from accumulating data to making it work for you. | |
