The U.S. has charged two Chinese citizens for an attempted theft from the office of the U.S. State Attorney in New York. The case is related to the Huawei ban.

More:
- The two agents had their cover blown by a U.S. agent who led them to believe that he was working for foreign intelligence services.
- The duo paid $41,000 in Bitcoin for the information.
- If they are caught, they could face 60 years in prison.
- The U.S. Department of Justice unveiled several other similar cases. In one of them, the U.S. charged seven Chinese nationals who had harassed a U.S. resident to return to China after they had fled the country. Two of the seven individuals have been arrested.
- Another case involved four Chinese nationals who tried to recruit American professors, federal agents, and homeland security officials to work for Chinese intelligence.
Zoom Out:
- Chinese threat actors have previously breached U.S. telecom companies in an attempt to steal information. U.S. authorities believe this hacking campaign, along with similar ones, is backed by the Chinese government, which the latter strongly denies.
- The FBI recently warned the Democratic and Republican parties that Chinese hackers are looking to disrupt the upcoming U.S. midterm elections.
Hackers have stolen information from 167,000 credit cards due to a security flaw. The malware used to steal the info is tracked as MajikPOS.

More:
- MajikPOS is written in .NET and uses an encrypted communication channel to bypass security systems.
- The threat actors used brute-force attacks, running an automated script that guessed passwords until it found the right ones. From there, the actors used the login credentials to deploy the malware and steal the massive amount of data.
- Researchers believe that the threat actor could have sold the information for more than $3M.
- Most of the credit card information that was stolen belongs to U.S. citizens.
Zoom Out:
- Two weeks ago, hackers on the dark web posted data from a leak of over 1 million credit cards, most of which belong to U.S. citizens.
- In early 2022, the FBI highlighted a hacking campaign that managed to steal credit card information from a U.S. business by using malware written in PHP.
Hive ransomware has claimed responsibility for the cyberattack against Tata Power. The attack happened in early October.

More:
- Tata Power is India's largest energy company and is part of the largest conglomerate in the country, Tata Group.
- The Hive ransomware gang has begun leaking stolen data such as client contracts, salary information, agreement documents, emails, addresses, phone numbers, passport numbers, and taxpayer data.
- Researchers believe that the group is leaking the information because Tata Power may have refused to pay a ransom.
Zoom Out:
- The Hive ransomware gang was tracked in 2021.
- The group uses ransomware-as-a-service to target organizations around the world.
- The group targets industries such as automotive, construction, education, energy, entertainment, financial services, food and beverage, government, hardware, healthcare, technology, etc.
- Hive has successfully breached targets such as Costa Rica's public health system and Media Markt.
Atlanta-based startup Arnica has raised a $7M funding round. Joule Ventures and First Rays Venture Partners co-led the Seed round.

More:
- The company offers an AI solution that helps companies identify changes in their developers' code.
- In addition to detecting code changes, the software also removes privileged access from certain users in the network, giving it back only when access is needed to complete a task. This is done so employees are not targeted by threat actors for their privileges, which can compromise the entire company's security.
- Arnica aims to use the funding for product development and to scale its adoption.
Security startup Sepio has raised an undisclosed Series B. U.S. Venture Partners led the round.

More:
- Hanaco Ventures, Munich RE Ventures, Merlin Ventures, Bess, and Pico Partners also participated in the round.
- Sepio offers a management platform for hardware risk assets. The software is able to provide security feedback for clients without 24/7 traffic monitoring.
- The company aims to use the funds to accelerate growth and sales.
Quick Hits:
- The Atomic Energy Organization of Iran has stated that it has been hacked by an unnamed foreign country. The breach resulted in several emails and documents about nuclear development deals being leaked.
- A new report shows that the number of data breach cases has increased by 70% globally in Q3 2022. Russians are so far the most breached users in the world, followed by the French.
- The FTC has settled a privacy case with the delivery app Drizly. The settlement confirms that the latter is liable for ignoring widely known security problems that led to the data leak of millions of users.
- SQLite, a 22-year-old database library, is vulnerable to a security flaw that could enable threat actors to take control of programs and disrupt them. The flaw is being tracked as CVE-2022-35737.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.