Author: Blog

Samooha, a startup developing a “cross-cloud” data collaboration platform, today announced that it raised $12.5 million in a funding tranche backed by Altimeter Capital and Snowflake Ventures, among others. CEO Kamakshi Sivaramakrishnan says that the cash infusion — Samooha’s first — will be put toward product development and hiring; the plan is to grow the startup’s team from 14 developers to roughly 20 by the end of the year.

Most of the pitch deck teardowns to date (here’s a handy list of the more than 30 we have published so far) have been for institutional funding rounds, typically in the millions or tens, even hundreds of millions of dollars raised.

Leaks of API keys and other secrets. The industry has been abuzz with news about attacks – and the ongoing ripple effect – involving leaked API keys, credentials and other secrets. This adds another dimension to your API attack surface, which in turn complicates your defenses and adds to your workload. So, this month the focus of The APIary is on leaked API keys and other secrets – read on for this month’s bit o’ honey.

Supply chain attacks occur when a third-party vendor or partner with less robust security measures is breached, allowing attackers to indirectly gain access to an organization. This can happen through backdoors planted in software updates, as seen in incidents like SolarWinds and Kaseya. New architectures such as multi-cloud and microservices have made consistent security controls […]

co-authored with Michael Elliott, Lead Researcher, Anomali Research Team

Europe has moved a step closer to having dedicated rules on online political ad targeting and transparency after the European Parliament fixed its negotiating position — paving the way for talks to start between MEPs and Member States to agree a final compromise text that can be passed into pan-EU law.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek’s user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Editor’s Note: This is an excerpt of a full report. To read the entire analysis with endnotes, click here to download the report as a PDF.

Password management company Dashlane has made its mobile app code available on GitHub for public perusal, a first step it says in a broader push to make its platform more transparent.

We recently helped a CISO quickly turn around a cost benefit analysis using cyber risk quantification to make the case to save an important security project from death by budget cut.  Here’s the story: 

Many organizations are struggling today with aligning their security controls with what underwriters now require in order to get insurance coverage against ransomware attacks. From the identity protection perspective, even the initial discovery of MFA and administrative access gaps to address can be a severe challenge, due to a lack of tools that can reveal the security posture of all admin users and service accounts. This is why Silverfort is launching a free identity security assessment offering — to assist organizations in this task and enable them to easily meet insurers’ requirements.

Be impeccable with your words. It’s the first of the Four Agreements – a set of universal life principles outlined in the bestselling book by Don Miguel Ruiz. ‘Being impeccable with your words’ is my favorite, and it’s no surprise. As a product marketer, I spend most of my daily existence casting about for the perfect word to use in web copy, a webinar, or video script.

In today’s security climate, NetOps and SecOps teams are witnessing increased attack surface area as applications and workloads move far beyond the boundaries of their data center. These applications/workloads move to, and reside in multi-cloud architecture, adding complexity to connectivity, visibility, and control. In the multi-cloud world, the SecOps teams use a distributed security model that is expensive, difficult to deploy, and complex to manage.

EXECUTIVE SUMMARY

• Since at least 2019, the Mustang Panda threat actor group has targeted government and public sector organizations across Asia and Europe [3] with long-term cyberespionage campaigns in line with strategic interests of the Chinese government.
• In November 2022, Mustang Panda shifted from using archive files to using malicious optical disc image (ISO) files containing a shortcut (LNK) file to deliver the modified version of PlugX malware. This switch increases the evasion against anti-malware solutions [2].
• The Mustang Panda APT group loads the PlugX malware in the memory of legitimate software by employing a four-stage infection chain which leverages malicious shortcut (LNK) files, triggering execution via dynamic-link library (DLL) search-order-hijacking.

PLUGX MALWARE EXECUTION FLOW

Figure 1 – Execution flow of PlugX malware.

First Stage: PlugX Malware Delivered by ISO Image

In the first stage of the infection chain, EclecticIQ researchers assess that the malware was almost certainly delivered by a malicious email with an ISO image attachment. The ISO image contains a shortcut (LNK) file, but it decoyed as a DOC file called “draft letter to European Commission RUSSIAN OIL PRICE CAP sg de.doc”.  

AIs as Computer Hackers

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems and exploiting them in others’. It’s the software vulnerability lifecycle.

Feb 02, 2023Ravie LakshmananDatabase Security / Cryptocurrency

Confused about the difference between a web application firewall (WAF) and a web application and API protection platform (WAAP)? Curious how intelligent a next-gen “intelligent WAF” really is? Wondering whether you need dedicated API security if you have a WAAP? Can you really trust a WAAP to secure your critical data and services?

On January 27, an urgent health warning was issued to notify the public about the risk posed by the radioactive capsule. Health authorities had a simple message to anyone who may come across it: Stay away. “It emits both beta rays and gamma rays so if you have it close to you, you could either end up with skin damage including skin burns,” the state’s Chief Health Officer Andy Robertson warned. By January 27, search parties were in full force looking for the tiny capsule. But they were not scouting for it using their eyes – they were using portable radiation survey meters. The survey meters are designed to detect radioactivity within a 20m radius. Police focused their efforts on the GPS route the truck had taken, and on sites close to Perth’s metropolitan and high-density areas. One site along the Great Northern Highway was prioritized by police on 28 January after unusual activity on a Geiger counter – a device used for measuring radioactivity – was reported by a member of public. But that search did not uncover the capsule.

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel.

The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security and recent data breaches and the potential theft of private data, have put a spotlight on API security.