Plus: BlackRock leads $120M round in SASE provider Versa
A new Apple iOS and macOS security flaw could enable hackers to listen to your conversations. The flaw abuses a bug in Bluetooth-connected AirPods.

More:
- The security flaw, tracked as CVE-2022-32946, was first reported in August 2022 by an independent researcher.
- The bug enables threat actors to activate Siri, Apple's AI assistant. Siri then proceeds to record any audio inputs that the iPhone and MacBook can reach.
- Apple has not confirmed if threat actors have abused the flaw, while the researcher responsible for tracking the bug claimed that it might have been abused for years.
- According to Apple, iOS 16.1 patches this flaw. Researchers believe that the flaw may still be abused in different apps and even may go unnoticed for a long time.
Zoom Out:
- A few months ago, Apple urgently released a number of patches that dealt with 39 different security vulnerabilities.
- Days ago, Meta warned Apple and Samsung that it had tracked over 400 apps that spread malware but were actively being downloaded by users in the App Store and Play Store, respectively. The apps may have affected millions of people.
GitHub has patched a bug that could've let hackers hijack other people's repositories. The bug enabled users to deploy a method known as repojacking.

More:
- Repojacking is a method that threat actors use to breach repositories in GitHub. Essentially, they open an account with an old username that belonged to someone else. By doing so, they gain access to the repositories that the old account had ownership over, automatically enabling them to deploy malware to these links.
- GitHub has attempted several solutions but has failed to stop the attacks.
- A research company stated that the bug found in GitHub's security protocol, which was later patched by the company, could've allowed hackers to bypass these measures.
- If a threat actor were to infect an open-source project, theoretically, they could infect millions of users who have apps that rely on those projects.
- In early 2022, many threat actors used repojacking by cloning several repositories and attempting to spread malware through the code within those repositories.
Zoom Out:
- In 2020, Microsoft's GitHub account was hacked by Shiny Hunters. The latter managed to steal 500GB worth of data.
- GitHub's OAuth tokens have been a controversial topic, as many companies suffered data breaches due to a flaw in the technology. Heroku admitted to having had login credentials and other data stolen by hackers through this bug.
Australian Medibank has stated that all of its customer data was hacked in a previously reported hacking campaign. The breach has officially affected over 4 million individuals.

More:
- Medibank is one of the largest banks in Australia. The company previously denied reports that the cyberattack had affected all customer data, stating that it needed more time to analyze the situation.
- The hacking campaign is believed to have also affected the data of former customers due to current laws in place that oblige companies to store patient data for up to 7 years, depending on the patients' age.
- The company did not disclose if the hackers stole the data or if it has been sold on the dark web.
Zoom Out:
- A former U.S. tech worker was recently convicted after helping execute one of the largest bank hacking campaigns in history that led to a $432M theft.
- Only a few days ago, a woman in Detroit had all of her money stolen by hackers.
- A pensioner in New Zealand recently reported losing $134,000. He claims hackers stole the funds, while his bank has denied any responsibility.
BlackRock has led a $120M funding round in SASE provider Versa. The company's round comes after a 60% growth in its average contract value.

More:
- SASE, short for Secure Access Service Edge, is a technology that helps connect cloud services with internet users and devices. Due to the increasing reliance on cloud technology, SASE is expected to grow exponentially.
- The company offers numerous other security services that are all easily integrated through an all-in-one tech stack.
- Versa aims to offer its AI detection and prevention platform to small businesses, which account for 43% of cyberattack cases.
- The number of hacking campaigns has grown by 50% since 2020, while spending in the field has reached $1T.
- Versa's funding round is structured in both equity and debt.
Protexxa has raised a $2.9M Seed round to provide AI-powered cybersecurity to small businesses. The company aims to help avoid human errors, which are the cause of 90% of breaches.

More:
- The company's seed funding round was led by BKR Capital, with participation from The Firehood Angels and other angel investors.
- Protexxa believes that the growing number of cyberattacks against public and private organizations is not going to stop any time soon. A combination of the pandemic, the war in Ukraine, and other technological factors has led to cybersecurity becoming one of the sectors where companies are investing the most.
- Protexxa aims to use this mindset shift from business executives to convince them that they can avoid most of their cybersecurity high-risk episodes by following strict cybersecurity hygiene that involves training their staff and using its own platform to detect any mistakes from employees.
Quick Hits:
- The New York Post released a statement claiming its Twitter account was hacked by an employee. The employee allegedly wrote tweets that called for violence against U.S. President Joe Biden.
- International media conglomerate Thomson Reuters has allegedly left 3TB worth of user data unprotected and open for hackers to steal. Threat actors now may have access to a list of email addresses and details such as login queries, password changes, settings changes, etc.
- Barings Private Equity India led a $9.2M Series A round in BluSapphire Cyber Systems.
- At least 80 C2 servers supported by the ShadowPad malware have been tracked by security researchers in one year. The malware has previously been used to attack governments in Asia.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.
Copyright © 2022 Inside.com