Google has announced its plan to remove the Secure label from HTTPS sites starting this year. The company claims to have been analyzing the decision for more than two years.
More:
- The company claims that the decision is part of a larger plan to simplify the Chrome UI and encourage website owners to use HTTPS by default.
- Google will stop highlighting the padlock icon for HTTPS sites, as it claims it has become a baseline expectation of security.
- Chrome will still show a "Not Secure" warning for sites that do not use HTTPS or have other security issues.
- Google's decision has been criticized by security experts, who believe it may lead to a false sense of security among users.
- The company, however, says that it has conducted research for more than two years regarding user behavior.
Hackers have stolen $1.1M from crypto exchange platform Level Finance after hitting the company with a cyberattack. Level Finance is based in Russia.
More:
- Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them for 3,345 BNB, worth approximately $1,100,000.
- The hackers managed to access the exchange's hot wallet, which holds funds used for trading purposes.
- It was later discovered that the exchange had previously undergone two security audits, which failed to identify the vulnerabilities that led to the breach.
- The exchange has suspended all trading and withdrawals as it investigates the breach and works to improve its security measures.
- The two audits took place in 2023, and it is unclear if the vulnerable function was audited or added afterward.
A message from PUBLIC.COM
Lock in a 5% Yield on Your Cash in Less than 30 Seconds
Treasury Accounts are officially live on Public, offering a new way to lock in a 5.0% yield on your cash in literally seconds. (That’s significantly higher than a high-yield savings account.) It’s easy to get started. Once you create your Treasury Account, you can move your cash into the safety of US Treasury bills. As a Public member, you can now instantly invest your cash in 26-week Treasury bills. At the time of your deposit, you lock a fixed rate of return, backed by the full faith and credit of the US government. Public then stores your Treasury bills at The Bank of New York Mellon—the world's largest custodian bank and securities services company. Once your Treasury bills reach maturity, they are automatically reinvested, so you have one less thing to think about. However, you also have the option to sell your Treasury bills at any time—even before they reach maturity. So, it's the best of both worlds: the high yield of US Treasuries and the flexibility of a savings account.
Join Public
A newly discovered threat group named SandroRat is targeting Italian corporate networks. The group is focused on the energy, military, and aerospace sectors.
More:
- The group deploys phishing attacks with malicious Word documents that execute a series of scripts designed to evade detection and ultimately deploy a backdoor dubbed SandroRat.
- SandroRat is a modular remote access trojan that is capable of malicious functions such as:
  - capturing screenshots,
  - exfiltrating data,
  - and executing arbitrary code.
- The attackers are exploiting a recently disclosed Microsoft Exchange Server vulnerability to gain initial access to the target's network.
- Security researchers have recommended utilizing multi-factor authentication and regular security awareness training.
A white hat hacker has breached a PHP repository that has 500 million installs. The researcher inserted their resume into the code.
More:
- The packages had been abandoned and had not been updated for years, making them vulnerable to such attacks.
- The researcher used the packages to distribute their resume to potential employers, leveraging the popularity of the packages to increase their chances of being noticed.
- While the researcher's intentions were not malicious, the attack highlighted the potential risks of relying on third-party code libraries.
A message from VANTA
To close and grow major customers, you have to earn trust. But demonstrating your security and compliance can be time-consuming, tedious, and expensive. Until you use Vanta. Trusted by over 5,000 global customers, Vanta:
- Automates up to 90% of compliance for SOC 2, ISO 27001, GDPR, HIPAA, and more, getting you audit-ready in weeks
- Helps your business scale and thrive while reducing the need for countless spreadsheets and endless email threads
- Saves you hundreds of hours of manual work and up to 85% of compliance costs
And because Vanta is all about saving you time, here’s a 3-minute video showing you how Vanta’s platform can help you automate compliance, simplify security, and build trust to accelerate business growth.
Watch it Here
Cisco has warned its users of a security flaw that could lead to remote code execution. The company doesn't have a patch for the bug yet.
More:
- Cisco has released a security update to address a high-severity Remote Code Execution vulnerability in its SPA112 and SPA122 Series Analog Telephone Adapters.
- The vulnerability, tracked as CVE-2022-20523, is caused by a buffer overflow issue in the processing of Session Initiation Protocol packets.
- Attackers can exploit the flaw to execute arbitrary code with root privileges and take control of the vulnerable devices remotely.
- The vulnerability affects devices running firmware versions prior to 1.4.2(011) for the SPA112 and 1.3.7(015) for the SPA122 series.
- Cisco has advised customers to update their devices to the latest available firmware versions to address the vulnerability and has also provided a workaround for those who cannot update immediately.
Security researchers have discovered a new malware variant called Kekw. The variant targets Python developers.
More:
- Kekw malware is designed to execute shell commands, including downloading and executing other payloads, and can be used for different attack scenarios.
- The malware is being distributed through third-party Python package repositories that are not officially maintained, and it is hidden inside seemingly legitimate packages.
- The packages with the Kekw malware are often designed to resemble well-known and widely-used packages, which can make it difficult for developers to spot the threat.
- Developers are advised to carefully vet the Python packages they use, only download packages from official repositories, and be vigilant for any unusual behavior on their systems. Additionally, users are encouraged to keep their systems up-to-date with the latest security patches and anti-virus software to mitigate the risk of Kekw malware and other threats.
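The vetting step recommended above can be partly automated. The following is an added example (not code from the researchers or from the newsletter) that flags dependency names resembling well-known packages; the allowlist, the lookalike heuristics and the sample requirements file are all constructed for illustration.

```python
"""Flag dependency names that look like typosquats of well-known packages.

Constructed example: KNOWN_GOOD and SAMPLE_REQUIREMENTS are illustrative,
not a curated list.  Names are normalized the way PyPI does (PEP 503), then
compared against the allowlist by edit distance and by common lookalike
transformations (appended digits, 'python-'/'py' prefixes or suffixes).
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed allowlist: packages a team actually depends on.
KNOWN_GOOD = {"requests", "numpy", "pandas", "urllib3", "colorama", "cryptography"}


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of -, _, . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name: str) -> Tuple[str, Optional[str]]:
    """Return ('ok' | 'lookalike' | 'unknown', matched known package or None)."""
    n = normalize(name)
    if n in KNOWN_GOOD:
        return "ok", n
    stripped = re.sub(r"\d+", "", n).strip("-")  # e.g. requests3 -> requests
    for known in KNOWN_GOOD:
        if stripped in (known, f"python-{known}", f"{known}-python", f"py{known}"):
            return "lookalike", known
        # Short names produce too many false positives for a distance check.
        if len(known) >= 5 and edit_distance(n, known) <= 2:
            return "lookalike", known
    return "unknown", None


def audit_requirements(text: str) -> Dict[str, List[str]]:
    """Group the package names in a requirements file by classification."""
    report: Dict[str, List[str]] = {"ok": [], "lookalike": [], "unknown": []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name = re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0]  # strip version specifiers
        report[classify(name)[0]].append(name)
    return report


# Constructed sample input mixing genuine and lookalike names.
SAMPLE_REQUIREMENTS = """# constructed requirements.txt
requests==2.31.0
reqeusts
colourama>=0.4
numpy-utils
urllib4
cryptography~=41.0
"""
```

Names in the "unknown" bucket are not necessarily malicious; they simply need a human review before being added to the allowlist.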
Quick Hits:
- The company behind these surgical robots is planning to list on Nasdaq. Last day to fund your investment is on 5/10.*
- The BlackCat hacker group has published screenshots of internal emails and video conferences stolen from Western Digital.
- Uber's former chief security officer has been sentenced to three years' probation for concealing a cyberattack from law enforcement authorities. NOTE: Inside.com founder and CEO Jason Calacanis is an investor in Uber.
- Pro-Russia hackers are taking credit for a supposed cyberattack that brought down the website of the French Senate.
- Demo Divvy, get an Ember heated mug. Hot coffee and quick and easy expense management — get both when you demo Divvy.*
*This is sponsored content.
Upcoming events at Inside:
- May 08 - Inside.com Town Hall (Register Here)
- May 11 - Testing and monitoring large language models (LLMs) with TruEra (Register Here) *
- May 17 - Monthly Meditation guided by Nicholas Whitaker (Register Here)
- May 17 - Join Vanta's webinar to see Vendor Risk Management in action and learn about automating security reviews. (Register Here) *
*This is a sponsored listing.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.
Editor
Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.