Zendesk has been hacked through a smishing campaign. The hackers sent texts to Zendesk employees, convincing them to send out their login credentials for company systems as well as personal information. More: - Zendesk was breached between Sept. 25 and Oct. 26, 2022. The company, however, has not publicly acknowledged the breach.
- The announcement regarding this breach was made by the cryptocurrency trading platform Coinigy.
- Researchers believe that the campaign is likely to have been deployed by the Oktapus hacker group.
Zoom Out: - The threat actor has carried out similar campaigns in the past. In August 2022, the group was suspected of having stolen over 10,000 login credentials from companies such as Twilio, MailChimp, and Cloudflare.
- A few months ago, Kraken reported a security breach caused by Zendesk's internal security hiccup.
| |
Meta has started implementing more encryption features for its communication app, Messenger. The highlight feature is that conversations are end-to-end encrypted by default. More: - Meta has stated that these encryption features will be slowly rolled out over the coming months.
- The company has made several privacy-related changes, such as:
- Chat themes (the option to set themes, including static color and gradient themes for end-to-end encrypted chats).
- Custom chat emojis and reactions.
- Group profile photos.
- Link previews (for end-to-end encrypted chats).
- Active Status (lets people see when a user is active).
- Bubbles on Android.
- Meta has stated that the update will be rolled out for users individually and in a random manner so that there is little space left for any potential disruption campaigns or overall negative consumer experiences.
- There are over 100 billion messages sent through Messenger every day by more than 1.3 billion users. The app is second only to WhatsApp when it comes to MAU.
| |
 A message from LACEWORK Lacework Labs Cloud Threat Report, Vol. 4 In the latest installment of the Cloud Threat Report series, Lacework Labs covers the significant increase in efficiencies used by cybercriminals. Get insights into these trends that cover how: - Attackers are automating key discovery and exploits, taking advantage of momentary mistakes
- Simple mistakes turn into misconfigurations that attackers use to compromise your cloud identity infrastructure
- Vulnerabilities continue to stick around for months (sometimes even years) and attackers quickly exploit any new vulnerabilities
- Cryptojacking continues to be a staple in cybercriminal tool belts
Discover detailed intelligence about ongoing infrastructure compromise activities and best practices for hardening your cloud security posture. Read the Lacework Labs Cloud Threat Report, Vol. 4 today. Get the report
| |
Almost 60% of U.S. federal agencies ignored cybersecurity recommendations, according to a new report. Out of 335 publically announced recommendations, 190 have yet to be implemented. More: - The report published by the U.S. Government Accountability Office shows that these recommendations have been actively given out to federal agencies since 2010.
- GAO claims that its 2020 review of 23 civilian agencies found that no agency had fully implemented all of the seven foundational practices for supply chain risk management and that 14 agencies failed to implement even a single one.
- The agency also stated that the departments of Energy, Health and Human Services, Homeland Security, and Transportation had not developed metrics to assess their cybersecurity risk assessment efforts in order to become more efficient at making decisions by using data.
- The report concludes with a recommendation on Quantum Technology cybersecurity legislation, saying that the U.S. government should act quickly and push this industry to adopt better cybersecurity practices.
| |
Forward Networks has raised a $35M Series C funding round led by Goldman Sachs to provide network security services. Andreessen Horowitz also participated in the round. More: - The company offers services in network security, multicloud, and network assurance.
- Forward Networks has worked with companies such as:
- Goldman Sachs,
- PayPal,
- Verizon,
- COX,
- Paramount,
- Vodafone,
- S&P Global, etc.
- In addition to Goldman Sachs and Andreessen Horowitz, Threshold Ventures and A Capital also participated in the round.
- Since its inception in 2013, the company has raised over $110M in funding.
| |
 A message from ATHLETIC BREWING Giving dry a try this January? Keep the good times going! Enjoy 50% off your first month when you join the Athletic Club. You’ll get our award-winning brews delivered monthly, while also enjoying members-only perks like early access to brews and merch. Athletic Brewing is: - Great tasting with thousands of 5-star reviews, brewed in the USA
- Non-alcoholic (less than 0.5% ABV)
- Vegan-Friendly
- Low Calorie
With the Athletic Club, we even make it easier than ever to try our brews – from releasing crave-worthy styles on the “reg” to offering free delivery 24/7. You shouldn’t have to sacrifice being at your best to enjoy great brews. Get 50% Off Now
| |
Egerie has raised a $31M funding round to help businesses calculate specific costs from cyberattacks. The company's solution could help businesses get insurance coverage. More: - Due to the increasing number of cyberattacks, insurance companies have claimed that the industry is becoming too difficult to insure due to unpredictable costs.
- Egerie offers a software solution that helps companies calculate the costs of specific cyberattacks that derive as a result of the hardware, software, security updates, and other factors.
- Tikehau Capital led the funding round, with participation from Open CNP, Banque des Territoires, and TIIN Capital.
- The company has over 300 clients in 90 countries, including names such as:
- Accenture,
- Orange,
- Veolia, etc.
| |
Quick Hits: - Employee training is crucial, but building a scalable program for it is complex work. Use this checklist to take yours to the next level.*
- Security researchers have tracked activity that has led them to believe that the TA542 hacker group is using a new variant of Emotet Malware to breach its targets.
- Organizations are failing to implement a cybersecurity strategy that helps protect data privacy, according to IACA.
- An open-source malware named SparkRAT is being used by the DragonSpark hacker group to cyberattack organizations in East Asia. The hacker group is based in China.
- IT company GoTo has announced that hackers have stolen account usernames, salted and hashed passwords, Multi-Factor Authentication settings, and licensing information. The company claims it doesn't know who is the responsible threat actor.
- Revolutionary Talent is the Future of HR. Are you ready to tackle your goals for 2023?*
*This is sponsored content.
| |
Upcoming events at Inside: - January 24 - Inside Startups Coffee Break (Register Here)
- January 25 - Quantum Miami '23 (Register Here)
- January 26 - Growth Experimentation Workshop: From Strategy to Process by GrowthHackers.com (Register Here)
- January 29 - Inside Interview with Lacework - 4 Common Attack Paths in Cloud Security (Register Here)
- January 30 - Inside Coffee Break (Register Here)
- April 18 - Human Resources Summit'23 (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
| |
| |
