Plus: Microsoft warns cryptocurrency companies of increasing number of cyberattacks

The New Zealand government has been hacked through a third-party breach. This third party is reportedly a local service manager that handles IT operations for the government.

More:
- The institutions that were affected by this security breach include the country's Ministry of Justice and health service providers.
- New Zealand's National Cyber Security Center stated that it is currently investigating this case.
- It is still in the early stages of analyzing how the flaw was tracked and then used by the hackers.
- The institution will not publish details regarding the attack to prevent any further danger for the victims.
- This practice is used by most law authorities and organizations that are breached, as it keeps hackers from finding out about security updates and patching any possible flaws in their code.
- Affected agencies will reach out to people they find likely to have been breached.

Cybersecurity startup Drata has raised a $200M Series C round to help companies with data privacy compliance. The company is now valued at $2B.

More:
- Drata helps companies adhere to the strict rules that legal frameworks such as GDPR and SOC 2 enforce.
- The company specializes in SOC 2, a voluntary auditing process that companies go through to prove to would-be customers that they respect data privacy laws and can handle their clients' data safely.
- ICONIQ Growth and GGV Capital led the funding round with participation from Alkeon Capital, Cowboy Ventures, Salesforce Ventures, SentinelOne's S Ventures, FOG Ventures, and Silicon Valley CISO Investors.
- In addition to the funding, the company announced that it had added Microsoft CEO Satya Nadella as a board member.
- Drata aims to use the money to boost its R&D process further and add new compliance-related features.
- The California-based company has raised $228M since being founded in 2020.

A message from SECURITY COMPASS

Security teams and developers may be aligned on what is needed, but the delivery of these requirements leaves room for improvement. This interactive report examines the maturity and approaches of application security training for software developers. It emphasizes the frustrations developers experience with current eLearning options and organizational views on its effectiveness.

Key takeaways from the study include:
- 40% of respondents indicate their company provides interactive content, yet a lack of interactive content remains a top frustration.
- In total, 75% of respondents indicated they had to look up security-related topics regularly - once or twice a week (54%) or daily (21%).
- The best time to do secure development training was during code implementation.
- 37% of developers stated that implementing new code to satisfy security requirements was the most costly and time-consuming activity they perform.
The findings come from the “2022 DevSecOps Perspectives on AppSec Training” research report.

The Vice Society Ransomware hacker group attacked 33 schools in 2022, according to a new report. The group asks its victims for a ransom of up to $1M.

More:
- Vice Society has been tracked since early 2021. The hacker group differentiates itself from other hacker groups by relying on pre-existing ransomware, such as HelloKitty and Zeppelin.
- According to Microsoft, the group usually waits six days after hacking its victims and then asks for ransom. The initial ransom amounts range from $450,000 to $1M.
- The group most likely buys these variants on underground forums.
- In September 2022, a joint Cybersecurity Advisory from the FBI, CISA, and the MS-ISAC warned organizations that Vice Society disproportionately targets the education sector with ransomware attacks, and in many cases, it is able to infect them.
- The threat actor also targets other industries, such as healthcare and nongovernmental organizations.

Microsoft has warned cryptocurrency companies about the increasing number of cyberattacks directed toward the industry in a new report. The company mentioned a specific threat actor tracked as DEV-0139.

More:
- According to Microsoft's security report, DEV-0139 uses the popularity of Telegram chat groups to widen the scope of its attack.
- The group presents itself as a cryptocurrency investment company, convincing users to join a different chat group where they could talk more extensively about their offers.
- Once they start communicating more intensively, the hackers use an infected Excel file with the name "OKX Binance & Huobi VIP fee comparision.xls" to infect the target.
- Staying true to its scrappy methods, the group uses a OneDrive account to deploy the malware.

RangeForce has raised a $16M funding round to help companies improve their cloud cybersecurity capabilities. RangeForce has had 2,700% YoY revenue growth since its launch.

More:
- RangeForce helps companies train their employees to become more adept at cybersecurity by selling three main packages:
  - Professional Edition
  - Enterprise Edition
  - Elite Edition
- According to the company, its upskilling packages can be used by companies in verticals such as telecom, healthcare, technology, retail, government, etc.
- This funding round was led by Energy Impact Partners and Paladin Capital Group.
- Its platform is used by over 100 companies, including Cisco and Pipedrive.
- The company is headquartered in Washington, D.C.

Quick Hits:
- The Governor of Maryland, Larry Hogan, has banned TikTok for all state government officials due to potential major security risks.
- The Cyber Resilience Act, a recently announced cybersecurity bill from the EU, will not include SaaS products. The decision was made after some EU countries proposed that the tech vertical be included in the bill due to its impact on data.
- Indian cybersecurity firm CloudSEK has been hacked by unidentified threat actors who managed to breach the login credentials of an employee. The data is now being sold on internet hacking forums.
- A new report by the U.K. National Audit Office claims that 30% of applications used by the U.K. Department for Environment, Food, and Rural Affairs cannot run security updates because they are old. The practice could prove to be a major security risk for U.K. citizens, while it is unclear if the organization has fully patched these flaws.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.

767 Bryant St. #203, San Francisco, CA 94107. Copyright © 2022 Inside.com