The FBI seized 48 domains and charged six people who were selling hacking tools that made it easy to launch DDoS attacks. The tools were used to target both U.S. and international citizens.

More:
- In addition to affecting targeted victims, these attacks can significantly disrupt internet services and can completely shut down internet connections.
- The websites targeted in this operation were used to launch millions of actual or attempted DDoS attacks targeting victims worldwide.
- Some of the domains that were seized are RoyalStresser(.)com, SecurityTeam(.)io, Astrostress(.)com, Booter(.)sx, Ipstressor(.)com, and TrueSecurityServices(.)io.
- One suspect was located in Texas, three in Florida, one in New York, and one in Hawaii.
- In addition to these arrests, the FBI, the United Kingdom’s National Crime Agency, and the Netherlands Police have launched an advertising campaign using targeted placement ads in search engines to deter cyber criminals searching for DDoS services in the United States and around the globe.

A new report claims that 3.5 million IP cameras are vulnerable, most of which are located in the U.S. The figure represents an 800% increase from 2021.

More:
- While default security settings in these cameras have improved over the review period, some brands either offer default passwords or no authentication.
- Most of the public-facing cameras analyzed in the report are from the Chinese company Hikvision, which has 3.7 million devices being used around the world.
- As of today, 3.56% (127,000) of all analyzed cameras recommend changing the default password but do not enforce it, while over 21,000 cameras did not have an authentication setup.
- The report claims that there are over 458,000 vulnerable devices in the U.S., the most in the world. Vietnam is second, with 365,000.

Zoom Out:
- In November, the U.S. FTC banned the sale of China-made cameras and devices from Huawei, ZTE, Hytera, Hikvision, and Dahua because they pose a threat to national security, according to the agency.

Apple has released a security update to patch a new security flaw found in macOS, iPadOS, tvOS, iOS, and Safari. The flaw is tracked as CVE-2022-42856.

More:
- The security flaw may have been used by hackers to breach devices that used iOS versions before iOS 15.1 and extract data from devices.
- Researchers from Google's Threat Analysis Group believe that hackers used social engineering to gain privileged information from an employee.
- This update also includes end-to-end encryption capabilities for iCloud Backup, Notes, Photos, and more.
- A total of 35 flaws have been fixed with the release of iOS and iPadOS 16.2, and 17 security holes with the release of iOS and iPadOS 15.7.2.

Ngrok raises $50M to help companies make sure they send their data via encrypted connections. Lightspeed Venture Partners led the funding round.

More:
- Ngrok is a reverse proxy startup that aims to differentiate itself by claiming that its platform can be deployed with only one line of code.
- Enterprise applications usually run on multiple servers. Each server processes a portion of the network requests sent to the application.
- Ngrok claims that its platform enables companies to have a reliable connection so that their network doesn't crash.
- In addition to Lightspeed Venture Partners, Coatue also participated in the round.
- The company has over 30,000 clients and over 5,000,000 developers building on it.
- This is the company's first major funding round.
- Founded in 2015, Ngrok is based in San Francisco.

CISA has added five new security flaws to its vulnerabilities list. The flaws affect Microsoft, Citrix, Veeam, etc.

More:
- CISA's vulnerabilities list is updated in real time and includes every security flaw that the agency tracks.
- Out of the five new flaws added, two of them are considered to be critical: CVE-2022-26500 and CVE-2022-26501.
- If the two flaws are abused, they could lead to arbitrary code execution and unauthorized control of the target's device.
- Veeam is especially targeted by hackers because it is used by 70% of Fortune 2000 companies, including companies such as Volkswagen, Siemens, Deloitte, Shell, Fujitsu, Airbus, and Puma.

Quick Hits:
- Customer trust is critical, but creating a continuous security process for your startup can be complex. Learn from Vanta how to enhance security without overextending your resources.*
- The U.S. Army is reportedly planning to implement a zero-trust cybersecurity framework as part of its modernization efforts.
- The organizing team behind the Paris 2024 Olympic Games has held cybersecurity exercises that simulate a cyberattack to prepare for the upcoming event. The organizers said they want to avoid a cyberattack like the one that hit the Pyeongchang 2018 Olympics.
- Trilio (Massachusetts), which provides cloud-native data protection software, raised a $17M Series B led by SKK Ventures with participation from T-Mobile Ventures, Wayra Telefónica Innovation, Raiven Capital LP, Genesis Accel, .406 Ventures LLC, etc.
- The Philippines could risk losing 75% of its $23B outsourcing sector if it fails to fix its cybersecurity issues, according to this report.
- Recruiting tech ROI of 227%? Here’s how Okta achieves its hiring goals using Greenhouse Recruiting and Greenhouse Onboarding.*

*This is sponsored content.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.