Threat X rakes in $8.2 million in Series A funding round

Threat X, a Denver-based firewall solutions company, has landed $8.2 million in venture capital funding, the company announced on Wednesday. Threat X provides a software-as-a-service web application firewall (WAF). Its cloud-based threat detection software is deployed on customers’ web applications, where it finds and eliminates threats. The company says its services are highly adaptable to evolving network landscapes, complicated by the mixture of hybrid cloud, web application and legacy environments, as well as APIs for the web, mobile and internet of things. “The attack surface is very broad,” CEO Brett Settle told CyberScoop. “You’ve got the internet and you’ve got exposure now to virtually anyone in the world that can access your applications. And yet more and more companies are putting more of their business applications either in the cloud or exposing those capabilities to the cloud.” In a crowded marketplace for WAF services, Settle says what makes Threat X unique is its kill-chain-based approach. In practice, […]

The post Threat X rakes in $8.2 million in Series A funding round appeared first on Cyberscoop.

The Pentagon’s latest bug bounty target is its travel booking system

The Department of Defense’s attraction to bug bounty programs continues with a contest to find security flaws in its travel booking system. The Pentagon is again pairing with HackerOne, a private company that has run similar programs for the Air Force, Army and the DoD at large, with hackers reporting hundreds of valid vulnerabilities and the Pentagon paying out hundreds of thousands of dollars. The latest program is focused on the Defense Travel System (DTS), an enterprise system that DoD personnel use to book things like airline and hotel reservations when they travel for DoD business. Because DTS is used by millions of people and maintains sensitive information, hardening its security is a priority for DoD, said Reina Staley, the chief of staff for the Defense Digital Service (DDS), which oversees the military’s bug bounty contests under the “Hack the Pentagon” program. “The quick, positive reception of the [Hack the Pentagon] program has been a major win; inviting hackers to uncover vulnerabilities in […]

ProtonMail mobile apps now allow users to stash sensitive contact information

ProtonMail, an email provider known for its focus on encryption, is adding a feature to its mobile apps that allows users to securely store sensitive contact information. ProtonMail’s “encrypted contacts” feature allows users to store contact information like phone numbers, addresses, URLs and other notes in the app, protected by the service’s “zero-access encryption.” “Zero-access encryption” refers to the fact that only the user can access the encrypted information. “All of this additional information is encrypted and no one but you can access it — not even we can access it,” the company wrote in a blog post. In previous versions of ProtonMail’s iOS and Android apps, users could only store contact names and email addresses. This information is not encrypted, because encrypting it would prevent ProtonMail users from being able to send messages. Even though names and email addresses aren’t fully encrypted, that information is protected with a digital signature. The signature makes it […]

Under Armour suffers breach affecting 150 million fitness app users

Fitness wear company Under Armour is notifying users of its MyFitnessPal app that it suffered a breach affecting about 150 million users some time in February. Under Armour said in a press release on Thursday that an unauthorized party accessed data including usernames, email addresses and passwords. Most of the passwords, the company says, are protected using bcrypt, a one-way hashing function. The breach did not expose personally identifiable information, such as social security numbers, which the company does not collect. Nor did it expose payment information, which Under Armour says it processes separately. The Baltimore-based company says it learned of the incident on March 25 and began notifying users four days later through emails and in-app messaging. It is requiring that users change their passwords. “Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to […]

Government’s supply chain risk is drawing more attention than ever, Capitol Hill aides say

Supply chain risk is one of the main things keeping cybersecurity-focused government officials and partners up at night, speakers said at a conference Wednesday in Washington, D.C. The possibility of vulnerabilities being introduced into government networks through a piece of foreign-made hardware or software has spooked agencies into thinking more about how to work with vendors, congressional staffers and government security contractors said at the KNOW Identity Conference. The federal government has cracked down lately on what it sees as risks from foreign technology companies such as Kaspersky, Huawei and ZTE. The potential problems go much deeper than that, the speakers said. Vulnerabilities deep in a service’s supply chain can be difficult for either the government or the vendor to detect and can be exploited by hackers. Simply trusting vendors to do the work isn’t enough, said Nick Leiserson, legislative director for Rep. Jim Langevin, D-R.I. “The idea that we’re just […]

Kenna Security raises $26 million in latest funding round

Risk intelligence and vulnerability detection company Kenna Security on Tuesday announced $26 million in its Series C funding round. Kenna bills itself as a leader in predictive cyber risk, providing a platform that identifies threats in an organization’s networks. Their product identifies which threats pose the highest risk, allowing the customer to prioritize fixes. The company says the Kenna Security Platform uses machine learning to predict the probability that a vulnerability will be exploited, based on visibility of the vulnerability in the wild. “Kenna sees a world where teams work in collaboration to quickly and easily measure risk, prioritize remediation, and make a substantive difference in efficacy across the global attack surface and this investment is an endorsement of what we have achieved and our vision for the future,” said CEO Karim Toubba. The funding round, led by Bessemer Venture Partners, brings Kenna’s total venture capital funding to $50 million since the San Francisco company was founded […]

Matthew Masterson joins NPPD as senior cybersecurity adviser

Former Election Assistance Commission Chairman Matthew Masterson is joining the Department of Homeland Security’s office that coordinates the agency’s election cybersecurity programs. Christopher Krebs, acting Under Secretary of DHS’s National Protection and Programs Directorate, announced in a press release Monday that the Office of Cybersecurity and Communications is bringing Masterson on as a senior cybersecurity adviser. “There are few who have Matt’s experience working with all levels of government and the private sector to protect our nation’s election systems,” Krebs said. “Matt is one of the most equipped to advise on this non-partisan issue and will be an asset to the organization. In a time where technology is constantly evolving, it is more important than ever that DHS maintains productive and trusted relationships with our partners.” Masterson served as an EAC commissioner from December 2014 until last month. Masterson has also served in various roles in Ohio’s Secretary of State’s office, […]

Bipartisan bills call for disclosure of intelligence agency budgets

New legislation introduced Friday would force intelligence community agencies to publicly disclose their annual budget requests. The Intelligence Budget Transparency Act is being introduced in both the House and Senate, according to a press release from Sen. Ron Wyden, D-Ore. The bill directs the president to disclose the “amount of funding budgeted for intelligence agencies and activities” — often referred to as the black budget. Wyden, who is introducing the Senate version with Sen. Rand Paul, R-Ky., said in a press release that the bill is a step toward greater accountability and transparency in the intelligence community. “By operating secret programs funded by secret budgets, our national intelligence agencies enjoy a blank check as far as the American taxpayers are concerned,” Wyden said. “With little to no public oversight, it is even more important that Americans have at least some sense of whether they’re getting what they paid for.” Rep. Peter Welch, […]

Stalled election security bill is reborn with support from Senate Intelligence Committee

A bipartisan group of lawmakers from the Senate Intelligence Committee is reintroducing a bill that aims to bolster election cybersecurity. The purpose of the original Secure Elections Act is intact: to facilitate communication between the federal government and the state and local offices that run elections, to expedite security clearances for those officials and to provide financial support for state election infrastructure. Changes include making funding available to local election jurisdictions and creating an election security advisory panel, among other things. The new bill retains its five original bipartisan co-sponsors, but notably now includes leaders from the Senate Intelligence Committee — Sen. Richard Burr, R-N.C., who serves as the chair, and Sen. Mark Warner, D-Va., who is the vice chair. “Our democracy is under attack by foreign actors who seek to undermine and destabilize our country,” Burr said in a press release. “This bill will help strengthen our cybersecurity heading […]

Senate hearing presses DHS for details on election security progress

A Senate Intelligence Committee hearing on Wednesday appraised how well the Trump administration is tackling the issue of election security, amid fears of foreign interference through cyberattacks and other means. Much of the hearing focused on the increasingly close relationship between the Department of Homeland Security and the state and local offices that run elections. Having declared election systems as part of the country’s critical infrastructure in January 2017, DHS has been offering states and localities various forms of voluntary support on election security. Many election officials initially were skeptical of the designation and feared federal overreach, a sentiment that was acknowledged at Wednesday’s hearing. “The administration of elections is the responsibility of the state and local officials and the support your agency provides is on a voluntary basis. What we’ve learned is that states will only engage with the department if they feel there’s value,” said Chairman Richard Burr, R-N.C. DHS Secretary Kirstjen Nielsen […]
