We started asking community questions to Inside Security readers this week on Inside.com. Our question was: What is the No. 1 cybersecurity mistake companies make today? Community insights: - Kristen Ruby, CEO of Ruby Media Group, said that some of the cybersecurity mistakes companies make are:
- Using the same password on numerous platforms
- Sharing the password through insecure portals
- Forgetting to change a password when there has been a change of guards (new agency/new employee).
New Community Members: | |
A Canadian hacker has been sentenced to 20 years in prison after stealing $21.8M in a hacking campaign. The prison sentence will be served in the U.S. More: - The arrest of the 35-year-old Quebec resident was announced by the U.S. Department of Justice. He was officially charged with:
- Conspiracy to commit computer fraud,
- Conspiracy to commit wire fraud,
- Intentional damage to a protected computer, and
- Transmitting a demand in relation to damaging a protected computer.
- Law authorities had previously seized $742,840 in Canadian dollars and 719 Bitcoin, valued at approximately $21.8M at the time of seizure.
- According to the U.S. attorney responsible for the case, the hacker used NetWalker Ransomware to breach his targets. Netwalker was a Ransomware-as-a-Service hacking campaign launched in 2019. The campaign recruited other hackers to deploy the ransomware in return for a 60-75% share of the stolen money.
- The hackers' prison sentence consists of a 60-month term for counts one and four, a 120-month term for count three, and a 240-month term for count two.
| |
A message from SECURITY COMPASS Current approaches to software threat modeling simply don’t work. They are manual, inconsistent, take too long, don’t scale, and don’t give developers what they need. When software security and compliance are considered more as an afterthought, rather than a vital step in the development process, organizations end up trying to remediate security and compliance issues after software has been written, rather than preventing issues in the first place. Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure and compliant software. Empower DevSecOps teams to make software secure and compliant by: - Design through automating threat modeling
- Generating application security requirements
- Providing secure development
- Compliance best practices.
The SD Elements platform is the best solution for organizations who need to scalably model software threats, identify countermeasures, and deliver secure, compliant code quickly. Download the whitepapers | |
A Russian hacker has been arrested for helping students in India cheat in their engineering college admission exam. India's Central Bureau of Investigation made the arrest. More: - The male individual was arrested in Delhi at the Indira Gandhi International Airport.
- The hacker helped students cheat on their JEE exam. The Joint Entrance Exam is the main entrance exam for engineering universities in India. The test is a combination of single and multiple-choice questions.
- Students paid up to $18,000 to have their tests remotely filled by the threat actor and his accomplices.
- Indian authorities stated that they've searched 19 locations and confiscated over 30 devices, all of which are being used as evidence.
| |
Iranian hackers are targeting Android users with never-seen-before spyware that is being tracked as RatMilad. The campaign targets both individuals and enterprises. More: - According to researchers, the spyware is being deployed by a threat actor named RatMilad.
- The infection chain begins by convincing victims to download an app named Text Me. The app is loaded with spyware that starts collecting data once the victim accepts the proposed privacy changes made by the app.
- RatMilad can access the camera, microphone, media gallery, contacts, location, etc.
- A Telegram channel that is being used to spread the spyware has been viewed over 4,700 times, according to researchers.
| |
A message from CLICKUP What software will you be using in the future? How about just five or ten years from now? We're introducing ClickUp 3.0 (coming this year), our next-generation productivity platform built to support the new era of teamwork and connecting teams like never before. Here's what you can expect: - Connecting people around shared projects and goals, so they feel like they’re working closely together, even when they’re far apart.
- Bringing work together not only from within ClickUp but from other applications too.
- Unleashing knowledge often trapped in siloed systems by making it easy to find in one place.
- Personalizing context based on users’ prioritized projects, relationships, and interests, so they can focus on the work that matters most without unnecessary distractions.
Sign up for a business or unlimited plan with ClickUp and get 20% off your first year with code INSIDE. Claim the discount T&Cs: New customers only, apply code at check out, not combinable with other offers, business and unlimited plans only | |
Cybersecurity company IriusRisk has raised a $29M funding round. Paladin Capital led the round. More: - IriusRisk is a software company that aims to make it easier for companies to compile threat models. The product can be integrated with Amazon AWS, Microsoft Visio, and other platforms.
- Threat modeling is the process of listing possible threats and the vectors that could be used to deploy those threats.
- According to industry research, 90% of surveyed developers stated that less than 10% of the apps they built used threat modeling in the early stages of the process.
- The company claims it has quadrupled its number of users from 2021, while its revenue has grown by 106%.
| |
Washington-based Tidal Cyber has raised a $4M funding round. The company offers a threat mapping solution. More: - The round was led by Ultratech Capital Partners with participation from Access Venture Partners, TFX Capital, VIPC Virginia Venture Partners, Dreamit, First In™, BlueWing Ventures, SaaS Ventures, Riverbend Capital, Blu Venture Investors, and StoneMill Ventures.
- The software solution offers a customized threat mapping guideline based on the specific context that the client has.
- Tidal Cyber aims to use the funding to develop its product and boost customer acquisition.
- The company offers a free version of the software named Tidal Community Edition. The software uses open-source technology.
| |
Quick Hits: - The 3 Things to Never Build In Your App: Authentication, Notifications, and Payments.*
- The FBI has released a joint statement with CISA and NSA, warning that a group of hackers has likely gained access to a defense enterprise network.
- Australia's largest telecom company Telstra has announced that it has been hit by a cyberattack. The company claims no customer information has been stolen.
- BlackByte ransomware gang has been tracked deploying a new hacking campaign. The campaign involves a never-before-seen tool that disables thousands of drivers through a previously patched flaw.
- Microsoft has stated that it is currently investigating reports over a potential security bug that is disconnecting those who use Remote Desktop.
*This is sponsored content. | |
Upcoming events at Inside: - October 11 - AMA with Mike Malone (Smallstep)* (Register Here)
- October 13 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here)
- October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
- November 02 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- December 07 - Live AMA with Deividi Silva ( Head of Developer Relations at Gun.io) (Register Here)
*This is a sponsored listing. | |
| | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass is on a mission to accelerate software time-to-market while managing risk. | |
Sign up for a business or unlimited plan with ClickUp and get 20% off your first year with code INSIDE. | |