Google has paid $70,000 to a white hat hacker who found a way to unlock Google Pixel phones. According to the security researcher, this issue may affect other Android devices.
More:
- The white hat hacker, named David Schütz, found the flaw after his own Google Pixel phone died. Not remembering his PIN, Schütz was forced to reboot his phone. The researcher inserted a new SIM card, which prompted a request to enter the phone's PUK code. After entering the PUK code, the Pixel accepted his fingerprint, and the phone continued working as normal. He has posted a video where he explains all of the steps.
- According to Schütz, this should not have been possible on a fully updated Google Pixel 6 phone. To confirm his test, he carried out the same method with a Pixel 5. He says the method worked on the Pixel 5 too.
- According to him, this flaw has been previously reported by other researchers, but Google did not take action until his report. Google initially aimed to patch the flaw in December, but after Schütz's insistence, the company decided to patch it sooner.

The LockBit ransomware group is demanding a $50M ransom from Continental to release the information that the group allegedly stole during a previous breach. The group has given a 24-hour deadline for its demands to be met, or it will publish the information.
More:
- LockBit has launched a website that shows four different screenshots. The screenshots contain conversations with managers from Continental where it seems that the hacker group tried to negotiate with the car parts company, but its demands were not met.
- The group has released a website with three buttons on the main page. All three buttons serve a specific purpose:
  - Extending the deadline for 24 hours (if $100 is paid)
  - Download all the stolen information (if $50M is paid)
  - Delete all the stolen info ($50M ransom demand again)
- LockBit claims that it successfully managed to breach Continental during a hacking campaign that was deployed in August 2022. The company, however, denied claims that the cyberattack breached its security systems and stole data.

A Maryland-based couple has been sentenced to a combined 41 years in prison for trying to sell nuclear secrets to a foreign government agent. The married couple sold information for $100,000, which they received in cryptocurrency.
More:
- The couple sold the information to what they believed was a foreign agent but was actually an undercover FBI agent.
- Jonathan Toebbe, 44, stated that the reason behind his actions was stress and alcohol abuse. He said his work stress had led him to worry about the state of democracy in the U.S. and that by selling this information, he would be able to help "save democracy." He was sentenced to 19 years in prison.
- Diana Toebbe helped Jonathan hide several memory cards that contained confidential information. The memory cards were concealed in chewing gum wrappers, sandwiches, etc. She was sentenced to 21 years in prison, edging toward a full 22-year sentence.
- The couple was found guilty on one charge each of conspiracy to communicate restricted data, which is a federal felony.

98% of companies globally were affected by cyberattacks last year, a new report shows. The report, compiled by a security research company, is based on interviews with over 2,000 executives and 1,000 employees.
More:
- What makes the report even more worrying is the fact that the number of firms with over 1,000 suppliers increased from 38% in 2021's report to 50% this year.
- The report claims that 40% of companies still rely on suppliers to ensure security levels are sufficient, leaving their security at the mercy of a third party's willingness and knowledge to take the right action.
- Perhaps most shockingly, 42% of the companies stated that even if they track a security flaw, they do not have the right tools to follow the process and confirm if the flaw has been patched.
- The report concludes that companies struggle mostly with supplier security and regulation compliance.

Probely has raised a $7.7M round to help dev teams integrate security testing in the entire development cycle. Probely's funding round was led by Dutch VC firm TIIN Capital.
More:
- Probely provides a platform that can detect cybersecurity risks and report them to the client immediately. The tool is easy to integrate with development tools, making security an integral part of the app/website being created right from the start.
- Iberis Capital, Semapa Next, EDP Ventures, Bright Pixel Capital, Caixa Capital, and Portugal Ventures also participated in the round.
- The company aims to use the funding for international expansion with a focus on the U.S. market. Probely may also expand its team, currently comprised of 40 employees.

Quick Hits:
- Banking users in India are being targeted with multiple phishing campaigns. All of these campaigns use SMS messages, or smishing, as their threat vector.
- Russian hacker group Sandworm, known for breaching Ukrainian institutions in 2015-2016, is believed to be the threat actor behind Prestige ransomware. The latter is malware that was used in multiple hacking campaigns against Ukraine and Poland earlier this year.
- Several security flaws that affect Lenovo Yoga, IdeaPad, and ThinkBook devices have been tracked. The flaws could allow hackers to gain unauthorized privileges and change security settings in their victims' devices.
- Over 15,000 WordPress websites have been affected by a breach, as users who visit those sites are being redirected to numerous spam websites that may contain malware variants.
- Lab 1, a U.K.-based company that helps its clients detect imminent threats from the dark web, has raised $1.1M in a growth round led by Alan Morgan, MMC Ventures, Cris Conde, and SyndicateRoom.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.