CEO of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges

An anonymous reader quotes a report from Forbes: The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas. Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million. “Adam Rogas was the proverbial fox guarding the henhouse,” acting Manhattan U.S. Attorney Audrey Strauss said in a press statement. “While raising over $100 million from investors for his fraud prevention company, Rogas himself allegedly was engaging in a brazen fraud.”

NS8 launched in 2016 to provide online fraud detection and prevention software for small businesses. More than 200 NS8 employees were laid off last week after executives told them the company was under investigation by the SEC for fraud. The news was startling for many, considering the company had announced a $123 million Series A funding round in June, led by global VC firm Lightspeed Venture Partners. In a statement, NS8 said that its board “has learned that much of the company’s revenue and customer information had been fabricated by Mr. Rogas.” The company added that no other employees or stakeholders had been charged and that it is cooperating with federal investigators. In its complaint, filed in the Southern District of New York, the Justice Department alleged that from January 2019 to February 2020, between 40% and 95% of NS8’s assets were made up. During that period, the agency alleged, Rogas presented doctored bank statements to reflect over $40 million in fictitious revenue. Charges by the Justice Department carry penalties up to 20 years in prison. Rogas is expected to face a judge in Nevada on Friday.

In the WeChat, TikTok US shutdown order, TikTok gets Nov. 12 stay, keeping it up through the US election and Oracle dealmaking

The U.S. Commerce Department has now announced the details of how it will enforce the shutdown of TikTok and WeChat in the country, after announcing in August plans to do so by September 20 over national security concerns. The news is structured along two dates, September 20 and November 12. Both apps and their app updates will no longer be distributed in U.S. app stores as of September 20. But TikTok specifically gets an extension on how it operates until November 12.

Expert Reacted On Patient Dies After Hackers Attack Hospital In Germany

A patient has died as result of a cyberattack at a German hospital. As per hospital investogation, hacker attacked a weak spot in “widely used commercial add-on software,” resulting in system crashed and the hospital wasn’t able to access data; emergency patients were taken elsewhere and operations postponed. Cybersecurity experts reacted below on this critical incident.

Detect even the sneakiest insider threats with Cisco Stealthwatch

The modern network has all of the tools needed to batten down the hatches on even the most sophisticated of threats. Your perimeter-based security tools are preventing breaches from malicious actors while your endpoint tools are protecting individual devices from compromise. But what happens when threats don’t look like threats? What happens when a threat actor already has a foothold into the network? The IP checks every box? These are called insider threats, and we’ve seen some big-name enterprises fall victim to such attacks in recent years.

In the WeChat, TikTok U.S. shut down order, TikTok gets Nov 12 stay, keeping it up through the US election and Oracle dealmaking

The U.S. Commerce Department has now announced the details of how it will enforce the shutdown of TikTok and WeChat in the country, after announcing in August plans to do so by September 20 over national security concerns. The news is structured along two dates, September 20 and November 12. Both apps and their app updates will no longer be distributed in U.S. app stores as of September 20. But TikTok specifically gets an extension on how it operates until November 12.

This Week in Security: AD has Fallen, Two Factor Flaws, And Hacking Politicians

The big news this week is the huge flaw in Microsoft’s Active Directory, CVE-2020-1472 (whitepaper). Netlogon is a part of the Windows domain scheme, and is used to authenticate users without actually sending passwords over the network. Modern versions of Windows use AES-CFB8 as the cryptographic engine that powers Netlogon authentication. This peculiar mode of AES takes an initialization vector (IV) along with the key and plaintext. The weakness here is that the Microsoft implementation sets the IV to all zeros.