Greg Otto – Page 39 – WindowsTechs.com

U.S. sanctions Russia over attempts to hack energy grid, NotPetya

Posted on March 15, 2018 by Greg Otto

The Trump administration announced Thursday sanctions against Russian entities for a multitude of actions, including meddling in the 2016 presidential election, the NotPetya attack and persistent attempt to break into the U.S. energy grid. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned five entities and 19 individuals with ties to the Kremlin, including high-ranking officials in Russia’s Federal Security Service (FSB) and Main Intelligence Directorate (GRU). “The administration is confronting and countering malign Russian cyber activity, including their attempted interference in U.S. elections, destructive cyber-attacks, and intrusions targeting critical infrastructure,” said Treasury Secretary Steven Mnuchin. “These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia.” Senior administration officials say that a number of those sanctioned are responsible for attempts to breach industrial control systems tied to the U.S. energy grid. Officials say attackers conducted a “multi-stage campaign” […]

The post U.S. sanctions Russia over attempts to hack energy grid, NotPetya appeared first on Cyberscoop.

Continue reading U.S. sanctions Russia over attempts to hack energy grid, NotPetya→

Behavioral analytics firm BioCatch raises $30M to expand product

Posted on March 12, 2018 by Greg Otto

New York-based BioCatch announced a $30 million funding round Monday, with plans to boost its platform that relies on behavioral analytics to detect fraud, including identity theft and spoofed accounts. Launched in Israel, BioCatch proactively collects and analyzes more than 2,000 parameters to generate user profiles and model different types of genuine and malicious behavior. The platform measures a variety of actions, including mouse clicks, typing tendencies and swipe time on mobile. Enterprise security teams are alerted if anomalous behavior is detected, and are given the opportunity to replay sessions that are flagged as fraudulent. The company has relationships with Experian, LexisNexis Risk Solutions and Samsung SDS. It also has partnerships with U.S.-based software company Nuance Communications and U.K. based-bank NatWest. “We take pride in the track record we have amassed and the role that we play as an integral part of our clients’ identity strategy,” said BioCatch Chief Executive […]

The post Behavioral analytics firm BioCatch raises $30M to expand product appeared first on Cyberscoop.

Continue reading Behavioral analytics firm BioCatch raises $30M to expand product→

Netsparker gets $40 million to grow its security scanner business

Posted on March 8, 2018 by Greg Otto

The market for vulnerability scanning tools is a crowded one. Yet the money continues to flow for companies looking to cement their share. Case in point: London-based Netsparker announced Thursday it has secured $40 million in private funding from San Francisco-based private equity firm Turn/River Capital. Netsparker likes to separate itself from its competitors by relying on what the company calls “proof-based scanning technology,” which avoids overwhelming security practitioners with false positives. The scanner actually exploits vulnerabilities, provides proof in a read-only manner, and gives security teams a better idea of what needs to be prioritized. “With overwhelming market demand for this solution in the face of increasing security and compliance regulations, such as Europe’s GDPR, Netsparker aims to become the de facto solution for enterprises that need to secure thousands of web applications at scale,” said Netsparker CEO Ferruh Mavituna. Netsparker lists Sony, Siemens and The Walt Disney Company […]

The post Netsparker gets $40 million to grow its security scanner business appeared first on Cyberscoop.

Continue reading Netsparker gets $40 million to grow its security scanner business→

GDPR will change how companies work with cloud providers

Posted on March 1, 2018 by Greg Otto

One of the bigger stipulations in GDPR is that third-party service providers, including companies who run the ever-ubiquitous cloud, will also be responsible for following the correct protocols when it comes to protecting EU citizen data. Yet just as companies keep throwing everything into the cloud, we are seeing errors in the way they safeguard personally identifiable data. If you have been following the work of Chris Vickery, you know how easily these errors can be found. Vickery, ‎director of cyber risk research for California-based Upguard, has been finding misconfigured cloud instances all over the internet. Just in the past year, Vickery identified these openly discoverable instances associated with a Florida credit monitoring firm, media behemoth Viacom, and even at the Department of Defense. Each finding had enough PII to keep privacy officers sleepless for weeks. While they were all based in America, Vickery recently came across a similar breach at French marketing firm Octoly, which caters […]

The post GDPR will change how companies work with cloud providers appeared first on Cyberscoop.

Continue reading GDPR will change how companies work with cloud providers→

Splunk acquires Phantom Cybersecurity for $350 million

Posted on February 27, 2018 by Greg Otto

Big data analyzation platform company Splunk announced Tuesday that it will acquire security automation and orchestration company Phantom Cybersecurity in a deal worth $350 million. Phantom’s platform relies on automation to complete various tasks and workflows, freeing up enterprise security teams to focus on high-level issues. By combining Phantom’s product into Splunk’s data automation platform, enterprises will be able to further reduce risk and respond faster to security incidents. “Phantom’s employees and technology significantly expand and strengthen Splunk’s vision for the security nerve center and for business revolution through IT,” said Doug Merritt, Splunk’s president and CEO. “Splunk is committed to continuously pushing the limits of technology to help our customers get the answers they need from their data.” The cybersecurity world has been buzzing about Phantom over the past two years. The company was named the Most Innovative Startup at the 2016 RSA Innovation Sandbox contest. It has raised […]

The post Splunk acquires Phantom Cybersecurity for $350 million appeared first on Cyberscoop.

Continue reading Splunk acquires Phantom Cybersecurity for $350 million→

Why GDPR is flipping the thought process around data ownership

Posted on February 16, 2018 by Greg Otto

A lot of the discussion around GDPR has focused on individual privacy. Thomas Fischer says that’s not what the law is about. It’s about data protection. And the noise around that point is a big misconception. Fischer spoke with CyberScoop for our new podcast series, Decoding GDPR, in order to get the facts straight when it comes to the European law. “It’s not about protecting the individual’s privacy, it’s protecting personal data,” says Fischer, a global security advocate based in London. “The GDPR actually says that it’s there to re-appropriate the person’s data, so that the person owns it. That’s a complete mind shift. If you think about it, companies collect data and think “OK, I’m collecting this data, I own this data, this is my data.’” That mind shift is something companies will have to embrace if they want to be in tune with the law once it goes […]

The post Why GDPR is flipping the thought process around data ownership appeared first on Cyberscoop.

Continue reading Why GDPR is flipping the thought process around data ownership→

DataVisor raises $40 million Series C for machine-learning fraud detection

Posted on February 12, 2018 by Greg Otto

DataVisor, a company that uses machine learning to detect fraud, announced a $40 million Series C funding round Monday led by Sequoia Capital China. The company, founded by two former Microsoft Research employees, uses unsupervised machine learning to discover malicious behavior. Unsupervised learning allows machines to track patterns across data sets in order to make decisions on their own, as opposed to supervised learning, which trains computers through data feeds provided by engineers. DataVisor detects various types of fraud and abuse, including fraudulent transactions, fake content, spam and abuse, identity theft, application fraud and money laundering. The company says its technology protects 2 billion users globally, with a client list that includces Pinterest, Yelp, Alibaba Group, Dianping, Toutiao, Cheetah Mobile and Tokopedia. “Enterprises today are facing constantly evolving threats from sophisticated and tech-savvy fraudsters who continuously experiment and find ways to evade detection,” said Yinglian Xie, CEO and co-founder of DataVisor. “This new […]

The post DataVisor raises $40 million Series C for machine-learning fraud detection appeared first on Cyberscoop.

Continue reading DataVisor raises $40 million Series C for machine-learning fraud detection→

Government websites, including uscourts.gov, pulled into cryptomining scheme

Posted on February 12, 2018 by Greg Otto

A slew of government websites, including the site run by the United States federal court system, were among the thousands pulled into a cryptomining scheme via a third-party browser plugin. Scott Helme, a security researcher based in the United Kingdom, found malicious code planted on websites through Browsealoud, an accessibility plugin that reads websites for people with vision problems. Since the plugin is added to a site’s source code, any site running the plugin was co-opted into a scheme to mine Monero. Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… 😮 pic.twitter.com/xQhspR7A2f — Scott Helme (@Scott_Helme) February 11, 2018 Among those affected are health care sites in the U.K., university sites in Sweden and makeup retail sites based in Brazil. In the U.S., uscourts.gov, Indiana’s state website and wmata.com, the website for the Washington Metro Area Transit […]

The post Government websites, including uscourts.gov, pulled into cryptomining scheme appeared first on Cyberscoop.

Continue reading Government websites, including uscourts.gov, pulled into cryptomining scheme→

Proofpoint acquires Wombat Security Technologies for $225 million

Posted on February 7, 2018 by Greg Otto

Proofpoint has announced it has entered into an agreement to purchase Pittsburgh-based Wombat Security Technologies for $225 million in cash. By acquiring Wombat, the Sunnyvale, California-based company adds phishing simulation and security training to its suite of products. Proofpoint’s established products and solutions include email security, advanced threat protection and data archiving. Proofpoint also will incorporate Wombat’s PhishAlarm into its threat intelligence products, with the goal of providing broader visibility and intelligence when it comes to phishing attacks. More than of half of all respondents (53 percent) to a Wombat-authored study dealt with spearphishing attacks in 2017. Because threat actors target employees as the weakest link, companies need to continuously train employees and arm them with real-time threat data,” said Gary Steele, Proofpoint CEO, in announcing the deal Tuesday. “The acquisition of Wombat gives us greater ability to help protect our customers from today’s people-centric cyberattacks, as cybercriminals look for new […]

The post Proofpoint acquires Wombat Security Technologies for $225 million appeared first on Cyberscoop.

Continue reading Proofpoint acquires Wombat Security Technologies for $225 million→

Apple, Cisco team up with cyber insurers for policy discounts

Posted on February 5, 2018 by Greg Otto

Apple and Cisco will be partnering with two insurance firms to give organizations discounts on cyber insurance policies when they use equipment from both technology companies. The two tech giants, along with Allianz SE and Aon Plc, will give companies a full suite of options for managing their cyber risk. Participants will receive cheaper insurance policies through Allianz if they use Apple’s iPhone, iPad, and Mac along with Cisco’s ransomware defense products. Enterprises also will able to undergo a “cyber resilience evaluation,” courtesy of Aon, that will assess security postures and recommend ways to improve defenses. In the event of an attack, companies will have access to Cisco and Aon’s Incident Response teams. “Organizations urgently need to be managing these risks from both the technical and the financial perspective,” said Aon Cyber Solutions CEO Jason Hogg in a statement. “We can provide customers with guidance on what cyber defenses, resources and processes to […]

The post Apple, Cisco team up with cyber insurers for policy discounts appeared first on Cyberscoop.

Continue reading Apple, Cisco team up with cyber insurers for policy discounts→