Researchers have found a new dark web malware marketplace named InTheBox that is believed to be the largest mobile malware market in the world. The illegal marketplace has been available since early 2020. More: - The marketplace is rampant with web injects, a type of malware tool used to steal banking information, social media login credentials, email credentials, etc.
- What makes InTheBox unique is the fact that there are 1,849 injects, all of which can breach financial institutions, e-commerce, payment systems, online retailers, and social media companies from over 45 countries, including the U.S, the U.K, Canada, Brazil, Colombia, Mexico, Saudi Arabia, Bahrain, Turkey, and Singapore.
- Some companies that the injects are designed to breach are Amazon, PayPal, Citi, Bank of America, Wells Fargo, DBS Bank, etc.
- The web injects were rented out in a malware-as-a-service model for prices ranging from $2,500 to $7,000.
Zoom Out: - Dark web marketplaces have been a regular occurrence on the internet. The first dark web marketplace is considered to be Silk Road. Launched in 2011, the marketplace had at least 100,000 users that bought drugs, hacking services, pirated software, etc.
| |
A 25-year-old man in Florida has been sentenced to 18 months in prison for stealing $20M in a SIM-swapping scheme. The victim was cryptocurrency investor Michael Terpin. More: - The attacker, identified as Nicolas Truglia, tricked the victim’s mobile carrier into transferring the victim’s phone number to a SIM in his control, which enabled him to take control of a foreign device.
- Terpin filed a report in 2018 claiming that $23M had been stolen via his phone, while one year later, he sued AT&T for failing to prevent the hack, asking for a $200M payment in damages.
- While the court turned down this lawsuit, it gave Terpin the positive verdict in a $75M civil lawsuit against Truglia.
- The scammer tried to hide his crimes by transferring the funds in Bitcoin but was unable to do so.
- He will serve 18 months in prison and three years of supervised release.
| |
 A message from SECURITY COMPASS The only secure developer training that is accredited by (ISC)² Explore role-based, language-specific, secure developer training that meets developers where they are in their knowledge and learning style to ensure they successfully develop and apply secure coding skills. Go beyond secure coding training. Retain talent, remain competitive, and stay compliant. Choose over 50 cybersecurity courses covering topics including: - AppSec Fundamentals
- Secure Coding
- Secure Mobile
- Compliance, PCI-DSS, CCPA, HIPAA
- Operational Security, like DevSecOps Fundamentals and DevSecOps for Managers
Influence developers to adopt secure coding without getting in their way. Learn more
| |
A French hospital was forced to cancel its operations after being by a cyberattack. Hackers have asked for ransom, but the hospital doesn't intend to pay it. More: - The Hospital Centre of Versailles, which entails Andre-Mignot Hospital, Richaud Hospital, and the Despagne Retirement Home, had to cancel some operations and transfer six patients after a cyberattack from unknown threat actors shut down its services.
- Representatives from the Hospital Centre of Versailles stated that they are not aware of the amount that the hackers are asking for as ransom but claim that they do not plan on paying it, regardless of how much.
- If the hospital were to do so, it would go against French law, which prohibits public institutions from paying any ransom in these cases.
Zoom Out: - In August, the Center Hospitalier Sud Francilien, a hospital southeast of Paris, suffered a ransomware attack in which hackers asked for $10M in ransom.
| |
Almost half of all British manufacturers were hit by cyberattacks last year, according to a new report. Businesses have reported losses that surpass $300,000. More: - Regardless of the large impact that cyberattacks have had on their businesses, most British companies surveyed have decided not to upgrade their cybersecurity capacities.
- The cyberattacks that hit these manufacturing companies were mostly used to stop their production (65%).
- The most common reason for being breached was using old software, while a lack of employee training and third-party vulnerabilities were the second and third most cited reasons, respectively.
Zoom Out: - A few days ago, it was reported that the head of MI6 had his emails leaked by foreign intelligence agencies after he had attempted to back a campaign to ban Huawei in the U.S.
| |
 A message from GREENHOUSE Identity security leader Okta wins at hiring with a 227% ROI using Greenhouse Recruiting. Learn how. If you’re expanding your customer base and need qualified talent to accomplish those goals, first look into the efficiency of your hiring platform and check if it makes the sourcing of qualified candidates more efficient. Okta, a leader in identity security and user authenticity, has been successfully aligning the pace of hiring to the pace of business growth with the Greenhouse hiring platform while measuring a 227% ROI! Find out how Okta adjusted their hiring strategy and achieved their hiring goals by: - Automating processes to save time, including data entry and reporting
- Providing insights on recruiting metrics to make strategic improvements and
- Saving each recruiter about 25 hours of work annually
READ CASE STUDY
| |
HYPR has raised a $25M C1 round to expand its passwordless authentication solution. The company has two of the largest U.S. banks and several Fortune 500 companies as its clients. More: - Hypr has developed a passwordless authentication platform that aims to make it easy to log in to mobile and web apps, boosting MFA use.
- In order to approve the login, users have to log in using their authentication apps. The methods through which they can do so include biometric features such as face and fingerprint or a password.
- Advent International led the funding round, with participation from .406 Ventures, RRE Ventures, Top Tier Capital, and Comcast Ventures.
- The New York-based company, founded in 2014, has raised $97M since its inception.
| |
Quick Hits: - Final days to invest in the startup disrupting the $1.2T vacation rental industry. Become a reAlpha shareholder before 12/8.*
- Ohio-based cybersecurity startup Balance Theory has raised a $3M Seed round led by DataTribe with participation from TEDCO.
- The city of Dallas has launched Dallas Secure, a public app meant to block phishing messages, unsafe wifi connections, fake apps, etc.
- U.S.-based Resecurity and Mexico-based Totalsec have reached a partnership agreement. Resecurity aims to gain access to the Mexican market, while Totalsec wants to benefit from the cybersecurity expertise that Resecurity has.
- SafeStack, a New Zealand-based startup, has raised $6M. SafeStack helps developers learn cybersecurity skills.
- Taking care of yourself matters, and BetterHelp connects you to a therapist within 48 hours without having to leave home. Get 25% off your first month.*
*This is sponsored content.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass delivers best-practice, role-based, accredited eLearning solutions. | |
Greenhouse gives you the technology and know-how to be great at hiring with a measurable ROI. | |
