Author Archives: Patrick Howell O'Neill

Anti-bot security firm PerimeterX lands $23 million investment

Posted on by

PerimeterX, an Israel- and Silicon Valley-based cybersecurity company that sells tools defending retailers against automated web attacks, announced Tuesday it received a $23 million investment led by the venture capital firm Canaan Partners. Investors have put a total of $34.5 million into PerimeterX since it was launched in November 2014. The company sells PX Bot Defender to more than 30 customers, including Wix, Seeking Alpha, Coupons.com and luxury consignment shop The RealReal. The product aims to detect and fend off bot or nonhuman attacks including scalping, carding, scraping, fraud, check-out abuse and account takeovers. Bot traffic surpassed human traffic on the internet in 2016, a repeat of 2012 and 2013, when nonhuman traffic also came out on top. Bot traffic will easily bypass human traffic in 2017, PerimeterX CEO Omri Iluz told CyberScoop. When bot activity moves from annoying to nefarious, the resulting numbers are substantial, including $2.6 billion in losses in 2016 from […]

The post Anti-bot security firm PerimeterX lands $23 million investment appeared first on Cyberscoop.

Continue reading Anti-bot security firm PerimeterX lands $23 million investment

Chinese tech firm continues to secretly siphon data from Android phones

Posted on by

Despite being caught a year ago, Android phones around the world are secretly sending sensitive user data to an opaque Chinese tech company whose software is found in millions of cheap phones used widely by lower-income customers in the developing world, Europe and the United States. Despite the controversy stirred by the original report — which prompted reactions everywhere from Google to the Department of Homeland Security — the Chinese firm continues to secretly siphon off user data without disclosure or consent, according to the latest round of research from the Virginia-based cybersecurity company Kryptowire. The new report comes nearly a year after Kryptowire researcher Ryan Johnson showed that more than 700 million Android smartphones, including some in the United States, carried the Chinese-authored software. Users are tracked by their movements and communications; the software tracks call logs, text messages, contact lists, GPS location and other data. The spyware has been selectively scaled back since it was originally […]

The post Chinese tech firm continues to secretly siphon data from Android phones appeared first on Cyberscoop.

Continue reading Chinese tech firm continues to secretly siphon data from Android phones

Hackers steal $32 million in Ether cryptocurrency hack

Posted on by

Hackers have stolen $32 million worth of Ether, a popular and increasingly valuable cryptocurrency, by exploiting a critical security vulnerability in wallet software that allowed an attacker to steal over 153,000 Ether. The theft is visible on Ether’s blockchain here, according to Gavin Wood, a co-founder of Ethereum, the software behind the currency. The attack began late on Tuesday and continued on Wednesday in a total of three transactions. When the attack was finally noticed, a group of white hat hackers used the same exploit to drain money from other vulnerable wallets in order to protect them from the theft. The money saved totaled 377,000 ETH worth over $75 million. “The white hat group were made aware of a vulnerability in a specific version of a commonly used multisig contract,” the group wrote. “This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they […]

The post Hackers steal $32 million in Ether cryptocurrency hack appeared first on Cyberscoop.

Continue reading Hackers steal $32 million in Ether cryptocurrency hack

NSA inspector general nominee pledges to investigate contractor leaks, whistleblower protections

Posted on by

The National Security Agency’s prospective new inspector general testified on Wednesday that he will investigate the intelligence agency’s problem of repeated contractor leaks. Robert Storch, the Justice Department’s deputy inspector general since March 2015, was first nominated in November by then-President Barack Obama. President Donald Trump nominated Storch again in June. Storch would become the NSA’s first independent watchdog. Storch sat before the Senate Intelligence Committee Wednesday, with questions about leaks sandwiched between inquiries about whistleblower protections at the NSA, two intimately related subjects that have moved to the center of the U.S. political universe over the last several years. Sen. Dianne Feinstein, D-Calif., asked that Storch’s new job quickly turn to the issue of NSA’s security woes. “I want to express a concern I have about NSA,” Feinstein said. “Beginning with [Edward] Snowden, we have had three major thefts of people walking out with classified material. I have spoken to the heads […]

The post NSA inspector general nominee pledges to investigate contractor leaks, whistleblower protections appeared first on Cyberscoop.

Continue reading NSA inspector general nominee pledges to investigate contractor leaks, whistleblower protections

Wyden urges DHS to adopt secure email authentication protocol

Posted on by

Sen. Ron Wyden, D-Ore., has asked the Department of Homeland Security to move the federal government to adopt a protocol that would defend and protect government offices from email spoofing and phishing attempts. According to a letter sent to acting DHS Deputy Undersecretary of Cybersecurity Jeanette Manfra, Wyden wants the government to adopt Domain-based Message Authentication, Reporting & Conformance. Widely known as DMARC, the protocol is technical standard finalized in 2015 by contributors including Google, Yahoo, Mail.ru, JPMorganChase and Symantec. The push for widespread adoption of DMARC is particularly timely now in the wake of a June 2017 report concluding that less than one-third of the largest 98 public and private hospitals in the United States secure their email with the technology. The same email-based threats faced by private enterprise have hit the U.S. government, especially in the last year. “The threat posed by criminals and foreign governments impersonating U.S. government agencies is real,” Wyden wrote. […]

The post Wyden urges DHS to adopt secure email authentication protocol appeared first on Cyberscoop.

Continue reading Wyden urges DHS to adopt secure email authentication protocol

State Department’s top cyber diplomat announces departure

Posted on by

Chris Painter, the State Department’s lead cyber diplomat for the past six years, is leaving at the end of this month. Painter, who was first appointed as the department’s coordinator for cyber issues by former Secretary of State Hillary Clinton in 2011,  led the United States’ cybersecurity diplomatic efforts, including representing the U.S. in bilateral meetings around the globe. Last month, he traveled to Israel to announce a cyber domain partnership between Israel and the United States. He’s worked to promote international cyber norms and represented the State Department on sensitive operations and responses to international threats. Prior to his work in the State Department, he worked in the White House for two years as the senior director for cybersecurity at the National Security Council. That was preceded by 19 years at the Department of Justice under Presidents George W. Bush, Bill Clinton and George H.W. Bush. Painter served during an epochal […]

The post State Department’s top cyber diplomat announces departure appeared first on Cyberscoop.

Continue reading State Department’s top cyber diplomat announces departure

Fall of AlphaBay raises ‘a different balance of power’ on the dark web

Posted on by

For criminal entrepreneurs, the fall of the dark web’s most profitable black market raises questions about which service will be the next illegal-marketplace titan or the next one whose operator lands behind bars. After three years of hosting a multimillion-dollar illegal business, AlphaBay ceased to exist earlier this month in the face of an international law enforcement operation.  Alexandre Cazes, a Canadian citizen who allegedly was one of the site’s operators, was found hanged in his Thailand prison cell Wednesday as extradition to the United States was being prepared. This comes just a few months after Ross Ulbricht, who was convicted and sentenced to life for running the dark web marketplace Silk Road, lost his appeal in a New York courtroom. AlphaBay sold a wide range of illicit goods including drugs, stolen data and hacking tools. At one point, AlphaBay operated as the criminal answer to Amazon.com’s hugely successful hold on the legal […]

The post Fall of AlphaBay raises ‘a different balance of power’ on the dark web appeared first on Cyberscoop.

Continue reading Fall of AlphaBay raises ‘a different balance of power’ on the dark web

AlphaBay shut down by law enforcement raids across three countries

Posted on by

AlphaBay, the largest and most profitable dark net black market to exist since the fall of Silk Road, was taken down by an international police action, according to the Wall Street Journal. The site shut down suddenly on July 5, prompting worries that millions of dollars could have been taken from its customers. In 2015, operators of one major dark net market took $12 million from users in just such a scheme. Instead, AlphaBay’s shutdown was due to raids and arrests by law enforcement in the United States, Canada and Thailand. Officials targeted Alexandre Cazes, a Canadian citizen thought to be the leader of AlphaBay. Cazes was found dead in a Thailand jail cell on Wednesday, supposedly while extradition to the U.S. was being prepared. The Bangkok Post reported that police impounded “four Lamborghini cars and three houses worth about 400 million baht ($11.7 million) in total” from Cazes, who had been living in Thailand for eight years. AlphaBay […]

The post AlphaBay shut down by law enforcement raids across three countries appeared first on Cyberscoop.

Continue reading AlphaBay shut down by law enforcement raids across three countries

Social media security and surveillance firm ZeroFOX raises $40M investment

Posted on by

ZeroFOX, one of the most prominent American social media security and surveillance companies, announced a $40 million Series C investment Wednesday that signals major growth in demand from governments and companies to keep a close eye — often with an artificial-intelligence brain behind it — on social media networks. The Baltimore-based startup’s products help manage what it calls “social media risk.” ZeroFOX sells “targeted collection of mass social and digital data” to customers in over 24 countries. “Social media risk” is a purposefully vanilla marketing term that at its core means an increasingly broad domain involving everything from malware campaigns and account takeovers to political action, cyberattacks and incidents in the physical world. Social media is an increasingly effective attack vector, as evidenced by a recent social media espionage campaign against the Defense Department that involved links from a robot Twitter account.   The new money will go toward sales, marketing […]

The post Social media security and surveillance firm ZeroFOX raises $40M investment appeared first on Cyberscoop.

Continue reading Social media security and surveillance firm ZeroFOX raises $40M investment

Cybersecurity doubts may spook voters in future elections

Posted on by

A new poll says growing concerns over cybersecurity could lead to millions of Americans staying home during the 2018 midterm elections and the subsequent 2020 presidential election. More than one in four American voters will consider not voting in upcoming elections due to concerns over cybersecurity, according to a new poll published Wednesday by the U.S. cybersecurity firm Carbon Black. That’s a jump of nearly ten percentage points from last year’s poll. The doubts are sharpest when it comes to the ability of state and local election authorities to defend against a cyberattack. Less than half of voters (45 percent) trust local authorities on cybersecurity, a number reflecting last month’s report that “election-related systems in 21 states that were targeted” by Russian hackers during the 2016 presidential election. Yet, less than half (47 percent) of American voters believed the 2016 election was influenced by foreign entities. That’s a sharp break with the U.S. intelligence community, but is […]

The post Cybersecurity doubts may spook voters in future elections appeared first on Cyberscoop.

Continue reading Cybersecurity doubts may spook voters in future elections