A recently discovered Siemens security flaw could enable hackers to gain unauthorized control of your device. The flaw is being tracked as CVE-2022-38465. More: - This flaw has a CVSS rating of 9.3.
- The bug affects devices such as:
- SIMATIC Drive Controller family (all versions before 2.9.2)
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2, i
- SIMATIC ET 200SP Open Controller CPU 1515SP PC, and numerous other versions.
- Flawed programmable logic controllers can lead to hackers taking over control of their targets' devices, potentially affecting thousands of enterprises worldwide.
- As a security measure, the company has encrypted the communications between engineering stations, PLCs, and HMI panels.
Zoom Out: - Siemens is the largest manufacturing company in Europe. The conglomerate has over 300,000 employees worldwide and works in telecommunications, transportation, energy, water treatment, and other sectors.
- This is not the first time that the company has struggled with PLC hacking campaigns. In early 2022, Siemens patched 27 vulnerabilities that were reported by researchers.
| |
Cybersecurity company Immersive Labs has raised a $66M funding round. Immersive Labs is based in the U.K. More: - Ten Eleven Ventures led the round, with Goldman Sachs Asset Management, Summit Partners, Insight Partners, Menlo Ventures, and Citi Ventures also participating.
- Immersive Labs offers a gamified learning platform that helps companies train their staff to adhere to the latest cybersecurity recommendations and rules.
- The company will use the funding to grow and develop its current platform.
- Immersive Labs has worked with companies such as Daimler, Citibank, Kroll, etc.
| |
A message from SECURITY COMPASS This is your show developers! Watch our panel answer questions & offer advice on how we can all improve developer-centric threat modeling. What to expect: Earlier this year, Security Compass ran a survey that probed the mind of developers. During this interactive panel discussion, we discussed our findings with security experts who live in the developer and threat modeling space. What you will learn: 🎯 The connection between developer user stories or requirements, coding, and threat modeling. 📣 How to keep up with the ongoing discovery of software weaknesses. 👨💻 Practical advice for developers to stay current on threat modeling practices. Whether you are a developer, lead, architect, or threat modeler, this webinar will leave you with something to think about. Watch Now | |
The Polonium hacker group is spying on Israeli organizations, according to a new report. The group is using several backdoors. More: - Polonium is a hacker group tracked only a few months ago. Microsoft researchers have claimed that the group may have ties with both Lebanon and the Iranian government.
- This threat actor targets companies and organizations that work in engineering, IT, marketing, insurance, etc.
- Polonium specializes in cyber espionage, using methods such as screen recording, keystroke logging, webcam spying, file extraction, etc.
- The threat actor has created several custom backdoors:
- CreepyDrive
- CreepySnail
- DeepCreep
- MegaCreep,
- FlipCreep,
- TechnoCreep, and
- PapaCreep.
- These backdoors have the capability to breach multiple cloud services and receive commands from infected servers. The group has used VPNs that may have been purchased.
- Researchers are unable to say how the hacker group breached these Israeli organizations.
Zoom Out: - Earlier this year, Microsoft was able to shut down efforts by Polonium. The group tried to abuse a OneDrive storage security flaw.
- Israeli organizations and government institutions have been targeted many times in the past. Only two weeks ago, weapons manufacturer Elbit Systems revealed that it was hacked in June 2022 by an unknown threat actor.
- One month ago, a hacktivist group named GhostSec breached 55 PLCs used by Israeli government agencies.
- Israel has also been on the other side of hacking campaigns, offering to help Albania as the country has recently cut its diplomatic ties with Iran after a major breach.
| |
IBM has invested in zero-trust software creator Cyolo. The amount is undisclosed. More: - Cyolo creates zero-trust distributed security systems. The company believes that providing distributed access to employees instead of access to an entire network decreases the chances of a possible breach.
- IBM had backed Cyolo previously in its Series B round that was closed in early 2022.
- While the company previously announced its $60M B round, the company did not disclose the latest investment amount.
- Cyolo is based in Tel Aviv, Israel.
| |
A message from CONSTANT CONTACT Email Marketing that’s simply better. Running a small business is tough, particularly when you have to do all the jobs. We’ve got the tools you need to make your marketing go much smoother, which means you can relax just a little bit more. Some of what you'll get: - Email marketing
- Sign-up forms to grow your list
- Social posting
- Engagement reporting
Attract new customers and boost sales with our complete, easy-to-use digital marketing suite. Inside readers also save 50% off 3 months of Constant Contact! Start today | |
Blockchain security company Hexens has raised a $2M Seed funding round. IOSG led the ventures. More: - Delta Blockchain Fund, ChapterOne VC, Hash Capital, ImToken Ventures, Tenzor Capital, and angel investors participated in the round.
- Hexens aims to build a suite of security tools that will enable blockchain developers and companies to safeguard their digital infrastructure.
- The company was founded in 2021.
| |
Quick Hits: - Get the best practices from seven successful influencer campaigns and the brands that created them.*
- Android users are being targeted by a new hacking campaign that uses phishing as a threat vector. Hackers are calling victims on the phone, instructing them to download a malware-infected app and give it permission to access their data.
- Singtel, one of the largest telecommunication companies present in Australia, has been hacked again. Dialog, one of the branches of Singtel, announced that hackers have stolen the data of 20 clients and around 1,000 former and current employees.
- A new report shows that 1 in 3 people in the U.S. and Canada have stated that they've been hacked by phishing campaigns recently.
- The U.S. government is set to release new cybersecurity guidelines for the aviation industry. The decision comes days after multiple U.S. airports were forced to shut down their websites after being hacked by pro-Russia threat actors.
*This is sponsored content. | |
Upcoming events at Inside: - October 13 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here)
- October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
- November 02 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- November 09 - Live AMA with Yashar Behzadi (CEO and Founder of Synthesis AI)* (Register Here)
- December 07 - Live AMA with Deividi Silva ( Head of Developer Relations at Gun.io) (Register Here)
*This is a sponsored listing. | |
| | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass is on a mission to accelerate software time-to-market while managing risk. | |
Create, send and track emails that customers look forward to getting with Constant Contact. | |