Plus: New VM2 sandbox JavaScript flaw found
A new PayPal invoice scam campaign has surfaced. The threat actors are using cryptocurrency to obscure the money trail. More: - The campaign was documented by Trend Micro, the Japan-headquartered security company, which reported it only a few days ago.
- The scammers typically send messages claiming that a payment from the target has already been received, thanking them for it and attaching a fake invoice. The emails/messages contain a malicious link that asks the target to:
- enter personal information in order to log in to a page,
- download software,
- visit another website that is also malicious,
- or grant permissions that hand over control of their device.
- The scammers move the proceeds through cryptocurrencies and blockchains such as Bitcoin and Solana to obscure their transactions.
- Experts recommend that users pay closer attention to the URLs they visit, avoid calling phone numbers included in unsolicited invoices, and contact a company's official customer support directly with any questions about a payment.
The White House has released a statement summarizing the cybersecurity decisions the Biden Administration has made so far. The statement lists 11 points. More: - The official statement describes concrete steps the current administration has taken to improve the cybersecurity landscape in the U.S.
- The administration counts cybersecurity directives for the TSA, legislation for the rail and pipeline sectors, the Bipartisan Infrastructure Law, and numerous other legislative measures among the key decisions that will help protect federal agencies and critical infrastructure in the U.S.
- The statement notes that CISA has added over 150 vulnerabilities to its Known Exploited Vulnerabilities catalog in 2022 alone. The Bipartisan Infrastructure Investment and Jobs Act provides for a number of concrete programs, such as:
- The $1B State and Local Cybersecurity Grant Program,
- The $100M Cyber Response and Recovery Fund,
- The $250M Cybersecurity for the Energy Sector Research, Development, and Demonstration Program,
- The $250M Rural and Municipal Utility Advances Cybersecurity Grant and Technical Assistance Program,
- The $50M Energy Sector Operational Support for Cyber Resilience Program,
- The $42B Broadband Equity, Access, and Deployment Program, etc.
- The statement also says the U.S. government has not shied away from publicly attributing and responding to attacks by state-backed threat actors, highlighting the ViaSat attack. Another case mentioned by the administration is the recent Albania-Iran cyber dispute, which culminated in Albania expelling Iran's diplomats and severing diplomatic ties with the country over a cyberattack.
- The focus on cybersecurity has intensified as the Russian invasion of Ukraine has been accompanied by constant hacking campaigns directed at Ukraine and at Western governments in general.
A message from SECURITY COMPASS Discover an automated, scalable, developer-centric approach to threat modeling. So what differentiates a developer-centric threat modeling platform from more traditional threat modeling tools? A holistic developer-centric threat modeling platform offers a solution that covers the entire process—from analysis to implementation to measurement and reporting. It will help you release secure software faster by: - Automatically generating threat modeling diagrams
- Identifying required threat countermeasures and security controls
- Engaging key stakeholders (especially developers)
- Ensuring developers implement the required controls
- Measuring the effectiveness of the program
- Maintaining audit trails and data
- Understanding a change in risk profile
Read Developer Centric Software Threat Modeling Powered by Automation, a comprehensive guide on why developer-centric threat modeling is critical for your business. Get the guide
Cybersecurity startup IronVest has raised a $23M funding round. IronVest offers biometric AI security products. More: - The funding round was led by Accomplice.
- IronVest aims to improve account security with a biometric password manager and to help companies avoid breaches carried out through SIM swapping, identity theft, business email compromise, and similar techniques.
- The company believes that storing biometric data in a decentralized way lowers the chance that threat actors can steal it.
- Industry analysts expect the biometric systems market to grow to $82.9B by 2027, up from its current value of $42.9B.
A new vulnerability in the VM2 JavaScript sandbox, tracked as CVE-2022-36067, has been disclosed. The flaw carries the maximum CVSS score of 10. More: - The flaw has been named Sandbreak because it lets code running inside the VM2 sandbox break out of it.
- The vm2 maintainers had previously hardened the library against escapes built on Error.prepareStackTrace, but the new bypass lets an attacker supply a custom Error object that implements its own "prepareStackTrace" function. When the host calls it, the attacker obtains objects created outside the sandbox and can run commands in the host process.
- vm2 sees more than 16 million monthly downloads on npm, so a sandbox escape in it is one of the most consequential flaws of its kind in recent memory.
- The flaw was discovered on Aug. 16, 2022, and the vm2 maintainers were notified two days later. The fix shipped in vm2 3.9.11; there is no workaround short of upgrading, since no sandbox configuration blocks the escape.
Adyton, a company that builds software for the defense sector, has raised a $10M Series A. Khosla Ventures led the round. More: - The company is known for its flagship product, Mustr. The mobile-first software helps defense organizations communicate and complete administrative tasks more efficiently, saving hours that can instead be spent on national security work.
- The product is used by organizations such as the U.S. Department of Defense.
- Adyton will use the funds for product development; Khosla Ventures said it considers the company one of the most promising in the defense sector.
Quick Hits: - Get the best practices from seven successful influencer campaigns and the brands that created them.*
- Siemplify and Mandiant, two companies that were recently acquired by Google for a combined $5.9B, will now be merged under one software suite named Chronicle Security Operations.
- The White House will present its new strategy for risk labels that manufacturers will have to place on IoT devices.
- President Joe Biden has signed an executive order that outlines the concrete actions the U.S. will take to respect its Data Privacy Framework agreement with the EU.
- A new hacking campaign is targeting real estate buyers who are often spending their life savings on properties. Threat actors this year have stolen more than $2M in Australia alone.
*This is sponsored content.
Upcoming events at Inside: - October 11 - AMA with Mike Malone (Smallstep)* (Register Here)
- October 13 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here)
- October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
- November 02 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- December 07 - Live AMA with Deividi Silva (Head of Developer Relations at Gun.io) (Register Here)
*This is a sponsored listing.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com