U.K. arrests suspected Uber teenage hacker / Signal asks users to help Iranian citizens / SentinelOne raises $100M

Plus: Immunefi raises $24M Series A to develop its bug bounty platform

Inside.com Part of   Network September 23, 2022

Presented by

The U.K. police have arrested a teenager who allegedly hacked Uber and Rockstar. The teenager was arrested in the City of London, a separate administrative area within the greater London area. More: The announcement was made through a public tweet. The 16-year-old is suspected of having been the main culprit behind the breaches of Uber, Rockstar, and 2K Games. Authorities believe that the hacker was working as part of a Lapsu$ hacker group branch. The threat actor breached Uber by using social engineering as a threat vector. As a result, hackers gained unauthorized access to security protocols after manipulating 2FA credentials. Only a few days ago, hackers breached Rockstar, a video game studio known for developing Grand Theft Auto. The hacker leaked source code and exclusive unreleased videos from the gameplay. Zoom Out: Lapsus$ is a hacker group known for having breached Microsoft, Nvidia, T-Mobile, Samsung, the Brazilian government, and other organizations. The threat actor uses Telegram to notify its followers and spread its documents on the internet. The group is believed to have been led by a teenager who was arrested in London in early 2022, while the total membership count is believed to have at least seven.

Signal has asked that its users launch end-to-end encryption for Iran. The messaging app is instructing its users to enable their proxies. More: Currently, Iran is seeing an uprising from a number of women who are protesting for more rights. The protest erupted after a young woman named Mahsa Amini passed away as a result of what many people believe was police brutality. The 22-year-old woman was arrested for breaking the clothing laws in the country. Due to the protests, the Iranian government is cutting internet connections and shutting down different communication apps.  In order to circumvent this ban, Signal is instructing its international users to help set proxy servers that would act as a connection bridge for Iranian citizens who are currently unable to use the app.

A message from SECURITY COMPASS Current approaches to software threat modeling simply don’t work. They are manual, inconsistent, take too long, don’t scale, and don’t give developers what they need. When software security and compliance are considered more as an afterthought, rather than a vital step in the development process, organizations end up trying to remediate security and compliance issues after software has been written, rather than preventing issues in the first place. Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure and compliant software. Empower DevSecOps teams to make software secure and compliant by: Design through automating threat modeling Generating application security requirements Providing secure development Compliance best practices. The SD Elements platform is the best solution for organizations who need to scalably model software threats, identify countermeasures, and deliver secure, compliant code quickly. Download the whitepapers

SentinelOne has raised a new $100M fund. The company will operate the fund as an investment arm. More: The fund will be officially named S Ventures. SentinelOne claims it will invest in platforms that are easily compatible with its proprietary SentinelOne Singularity XDR. S Ventures has made investments in companies such as Armorblox, Noetic Cyber, Torq, and Laminar. The company said it will use the funding to help companies scale their product and engineering teams.

Cybersecurity startup Immunefi has raised a $24M Series A funding round. Framework Ventures led the round. More: Other participants in the round include Samsung Electronics. According to company officials, the company has built a Web3 bug bounty platform, which is the most used one in the market. Over 300 projects are currently using this platform. According to Immunefi, over $65M has been paid to developers who have found bugs, while companies have saved over $25B in damages. Since being founded in 2020, the company has raised over $29.5M.

A message from QUANTUM Avoid Paying a Ransom - Get the Ultimate Backup Guide Before You Need It Paying a ransom may sound like the best case scenario: get your data back, make your customers feel worth it. But actually, it can affect your business in other ways and may, in some cases, be illegal. Make sure your systems are protected across the entire data lifecycle - and never pay a ransom again. You’re able to balance cost while maximizing efficiency. No one can stop ransomware or fully prevent it from taking place - but you can make sure you’re protecting your customers and your data by ensuring that there is a fully air-gapped solution. Request A Demo

Crossword Cybersecurity has raised a $4.1M growth funding round. The company has issued new shares at a discount price to some of its current investors. More: This funding round was led by Gresham House Asset Management Ltd, which invested $2.1M and will own 18% of the shares. The company aims to use the funds to increase sales and marketing and for product development, general marketing, and working capital purposes. Crossword has issued 17.8 million shares at 21.7 pence a share with new and existing shareholders, a 10% discount from the stock's closing price on Thursday. Crossword will now have 92.4 million shares, which are expected to begin being traded on Monday.

Quick Hits: 97% of companies are pursuing a multicloud strategy. Here are six steps for a successful cloud migration experience.* The FBI and CISA have released a new cybersecurity guideline. The directory is meant to help U.S. organizations reduce OT exposure-caused cyberattacks. The U.S. Air Force has stated that it will upgrade its security systems by collaborating with IBM and Lumen. The changes will be deployed in three phases, while the Department of Defense will fund the project. Researchers have tracked an espionage campaign that has been breaching and spying on Uyghur citizens for the last seven years. Participants in a joint hackathon organized by Europol managed to track 53 online platforms that are believed to be related to human trafficking. *This is sponsored content.

Upcoming events at Inside: September 28 - AMA with Leigh-Ann Buchanan (Founder of aīre ventures) (Register Here) October 05 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here) October 11 - AMA with Mike Malone (Smallstep)* (Register Here) October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here) October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here) November 02 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here) *This is a sponsored listing.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. Editor Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.

Security Compass is on a mission to accelerate software time-to-market while managing risk.

With Quantum, we shift the focus from accumulating data to making it work for you.

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com

Did someone forward this email to you? Head over to inside.com to get your very own free subscription! You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.