The U.S. government is set to launch the Hack the Pentagon bounty program soon. Security researchers who participate in the program will only be allowed to target unclassified documents over the event's 72 hours.

More:
- Cybersecurity researchers must find security flaws in the government's Facility Related Controls System.
- This system is used to monitor essential facilities such as fire, heating, and ventilation systems.
- This is the third iteration of the program, with the last one being organized in 2018.
Microsoft has patched four Azure flaws that may have enabled hackers to take control of servers, among other actions. The bugs were tracked by a security research firm.

More:
- Furthermore, these flaws could have allowed an attacker to scan local ports and find new services, endpoints, and sensitive files.
- The four Azure services that were found vulnerable are:
  - Azure API Management,
  - Azure Functions,
  - Azure Machine Learning,
  - and Azure Digital Twins.
- These flaws could prove to be highly dangerous if the threat actor has information on its target's IMDS details.
- Microsoft has stated that it has patched all four bugs, while researchers have recommended that users validate all input and ensure that servers are configured to only allow necessary inbound and outbound traffic.
The war in Ukraine has led to a 62% drop in the number of cases of stolen cards being published on the dark web. There are currently over 13 million stolen cards on the dark web.

More:
- Researchers believe that the drop in the number of stolen card cases could be attributed to two main factors: the war in Ukraine and police operations against hackers located in Russia.
- Several areas that are conflict zones in Ukraine are believed to have been operation bases for Russian threat actors, resulting in an overall drop in hacking campaigns.
- To support these claims, researchers have published a report that shows that in 2022, 13.8 million card reports were posted on the dark web, a significant drop from the 60 million cards in 2021.
- Researchers expected a further drop in activity from Russian hackers if the war in Ukraine continues, while they believe the opposite would happen if the war potentially ends in 2023.
Denmark, Finland, Iceland, Norway, and Sweden are planning to create a common strategy for cybersecurity. The initiative, a part of the Nordic Council, will be led by Norway.

More:
- The states are focusing on improving intelligence sharing between themselves in order to protect their digital infrastructure from cyberattacks.
- This initiative is meant to boost cooperation between The Nordic Council, a collective of countries in the Nordic region that includes Denmark, Finland, Iceland, Norway, Sweden, the Faroe Islands, Greenland, and the Åland Islands.
- Based on this plan, the countries need to implement a common framework by 2025.
- Sweden aims to invest $130M in cybersecurity capabilities, while Finland will spend $80M for this purpose. The two countries have increased their investment in security due to the war in Ukraine, an event that led them to apply for NATO membership in 2022.
Israel-based AccSense has raised a $5M Seed funding round to provide cybersecurity services for SaaS apps. The company specializes in identity protection from cloud cyberattacks.

More:
- AccSense claims that it can help companies avoid breaches that happen as a result of cloud-based security flaws, employee errors, and inside threat actors.
- The AccSense platform offers features such as:
  - one-click recovery,
  - constant verification of backed-up data,
  - periodic testing for keeping the backup up-to-date,
  - and the ability to identify changes between different points in time.
- The company has worked with Fiverr, Operative, Walk Me, Bright Data, etc.
Quick Hits:
- Sen. Mark Warner, head of the Senate Intelligence Committee, has stated that he intends to present legislation that will aim to make healthcare organizations in the U.S. better prepared to face hacking campaigns in the future.
- The European Union has presented two new directives that widen the scope of what the NIS 2 legislation has to cover. The latter is a bill that obliges companies to report cybersecurity incidents to EU institutions so that EU consumers are not put at risk.
- Python developers were targeted with the Wacatac Trojan after three infected packages were uploaded to PyPI by an untracked threat actor.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.