Zaid Shoorbajee – Page 6 – WindowsTechs.com

ForeScout acquires OT security firm SecurityMatters for $113 million

Posted on November 9, 2018 by Zaid Shoorbajee

ForeScout Technologies, a network security company that focuses on internet-of-things, operational technology and cloud computing, announced on Thursday that it acquired OT security company SecurityMatters for $113 million. With the increasing convergence of IT and OT, the purchase is meant boost ForeScout’s ability to deliver security in enterprise and industrial environments. “ForeScout’s acquisition of SecurityMatters is a natural fit as it takes us deeper into a market where we have an established foothold and are seeing explosive customer demand,” said ForeScout CEO Michael DeCesare, in a press release. The deal comes after the two companies have been partnering for about a year. The companies said their combined monitoring and assessment capabilities will help them provide customers with “deeper visibility into OT and [industrial control system] environments” and better manage network risk, among other improvements. “Virtually every company with OT needs to rethink its cybersecurity strategy,” said SecurityMatters CEO Damiano Bolzoni. […]

The post ForeScout acquires OT security firm SecurityMatters for $113 million appeared first on Cyberscoop.

Continue reading ForeScout acquires OT security firm SecurityMatters for $113 million→

Apache alerts developers of remote code execution flaw

Posted on November 7, 2018 by Zaid Shoorbajee

The team that develops the Apache Struts framework is alerting users of a critical vulnerability that could allow remote code execution attacks. The Apache Foundation urged developers to update a key component of the framework in order to patch the flaw in an alert posted Monday. Projects using Struts 2.3.36 and prior are affected, Apache said, because of a vulnerable commons-fileupload library. The up-to-date version already uses the latest component. Developers need to update in order to use the latest version of the commons-fileupload library in order to “prevent your publicly accessible web site from being exposed to possible Remote Code Execution attacks,” the Apache team said. Such an attack would allow hackers to potentially take over an unsuspecting developer’s server and install malware. “Your project is affected if it uses the built-in file upload mechanism of Struts 2, which defaults to the use of commons-fileupload,” the warning said. The […]

The post Apache alerts developers of remote code execution flaw appeared first on Cyberscoop.

Continue reading Apache alerts developers of remote code execution flaw→

DHS on Election Day: No malicious cyber-activity observed

Posted on November 7, 2018 by Zaid Shoorbajee

As midterm election results are tallied, officials said Tuesday that they have not seen any malicious cyber-activity targeting election infrastructure. Department of Homeland Security officials held periodic press calls to issue updates Tuesday, addressing if they’ve had to deal with attempted interference. Shortly after 9 p.m. EST, officials were maintaining that they have seen “no reported cybersecurity events that would affect the ability to cast and count votes.” Officials said that some level of online probing or scanning of state systems was observed, but the activity did not go beyond what was anticipated and was not attributed to malicious actors. “What we continue to see is your run of the mill activity like scanning,” a DHS official said during a noon EST call with reporters. “It happens every day. In a lot cases it’s not even election infrastructure systems that are being scanned. It’s state systems.” Officials also said that they have not […]

The post DHS on Election Day: No malicious cyber-activity observed appeared first on Cyberscoop.

Continue reading DHS on Election Day: No malicious cyber-activity observed→

Tech companies offered free products to help secure the election. Now what?

Posted on November 6, 2018 by Zaid Shoorbajee

The unprecedented foreign hacking and misinformation campaigns that were reported around the 2016 U.S. election cast a cloak of doubt over the integrity of the country’s democratic process. The threat sent government officials on the federal, state and local level scrambling to ensure that the country’s voting machines, voter registration systems, pollbooks, results-reporting websites and other election technology is ready for the midterm elections. Over the past few months, about a dozen technology companies have announced programs offering state and local election offices or political organizations free services to help them fend off looming threats, including email protection, extra security for cloud applications, basic antivirus coverage, multi-factor authentication tools and several other types of products. As elections in the U.S. are run by the states, securing a federal election requires a massive coordinated effort. The federal government has been playing a greater role to this end since 2016, but can only do so much without […]

The post Tech companies offered free products to help secure the election. Now what? appeared first on Cyberscoop.

Continue reading Tech companies offered free products to help secure the election. Now what?→

Veracode sold to Thoma Bravo for $950 million

Posted on November 5, 2018 by Zaid Shoorbajee

Thoma Bravo, an American private equity firm, announced on Monday that it is purchasing application security testing company Veracode from Broadcom for $950 million in cash. Based in Burlington, Massachusetts, Veracode is a software-as-a-service (SaaS) company that helps software developers detect security issues in their applications at various points in the software development cycle. Thoma Bravo and Veracode said in a press release that the acquisition is meant to further Vercaode’s “future operational and product development plans.” “Partnering with Thoma Bravo, a proven security software investor, is expected to extend our market reach and further fuel our innovation so that we can offer the broadest software security platform and empower us to accelerate growth — all to allow us to transform the way companies achieve their software security goals,” said Sam King, currently Veracode’s senior vice president and product manager, and CEO-to-be when the deal is done. Veracode hasn’t been […]

The post Veracode sold to Thoma Bravo for $950 million appeared first on Cyberscoop.

Continue reading Veracode sold to Thoma Bravo for $950 million→

Radisson discloses data breach impacting rewards customers

Posted on November 1, 2018 by Zaid Shoorbajee

Radisson Hotel Group, an international hospitality chain, disclosed Thursday that it suffered an incident in which some customer information was exposed. The compromised information includes basic name, residence, email address for all impacted customers. In some cases, it also includes company names, phone numbers, rewards numbers and frequent flier numbers. The company stressed that the breach did not involve credit card information or passwords. Customers who’ve stayed at Radisson hotels but aren’t rewards members are not affected, the company said. Radisson warns in its disclosure that hackers might try to use some of this information to conduct phishing attempts “including through the use of links to fake websites,” and try to deceive customers into sending passwords or other information. The hotel company did not describe the nature of the “data security incident” or say how many people were impacted, but said it was a “small percentage” of rewards customers. It’s […]

The post Radisson discloses data breach impacting rewards customers appeared first on Cyberscoop.

Continue reading Radisson discloses data breach impacting rewards customers→

Federal insider-threat programs get a dose of ‘Maturity’

Posted on November 1, 2018 by Zaid Shoorbajee

A government task force hopes to improve federal agencies’ ability to identify insider threats and avoid the leak of sensitive or classified information. The National Insider Threat Task Force (NITTF) — run by the FBI and the Office of the Director of National Intelligence — released the “ Insider Threat Program Maturity Framework” on Thursday. It complements a set of standards the task force released in 2012 that set the “minimum elements necessary to establish functional insider threat programs.” The aim with the new framework is to help federal agencies go beyond the minimum guidelines issued six years ago and be “more proactive, comprehensive, and better postured to deter, detect, and mitigate insider threat risk.” It can be used to start an insider threat program or augment an existing one. The framework comprises 19 “maturity elements,” such as the ability to adapt a program to comply with changing laws; educating employees […]

The post Federal insider-threat programs get a dose of ‘Maturity’ appeared first on Cyberscoop.

Continue reading Federal insider-threat programs get a dose of ‘Maturity’→

INKY emerges from stealth with email spoofing, phishing protection service

Posted on October 30, 2018 by Zaid Shoorbajee

INKY, a startup that provides protection against email spoofing and phishing services, emerged from stealth mode on Tuesday and announced its “INKY Phish Fence” product. The product helps organizations detect spoofing attempts whereby attackers hijack a domain to pose as a credible entity. It also uses “anomaly detection algorithms” to warn employees of suspicious emails and detect spearpshing and extortion attempts. Based in Rockville, Maryland, INKY has raised about $5.8 million in venture capital funding, according to Crunchbase, including a $5.6 million Series A round backed by ClearSky Security, Gula Tech Adventures and Blackstone. “There is an obvious lack of innovation around detecting and preventing today’s sophisticated phishing attacks. With the launch of INKY Phish Fence, enterprises will now be able to detect and prevent against the industry’s most common, yet formidable vectors,” said Ron Gula, founder of Gula Tech Adventures, in a press release. “Investing in this space is […]

The post INKY emerges from stealth with email spoofing, phishing protection service appeared first on Cyberscoop.

Continue reading INKY emerges from stealth with email spoofing, phishing protection service→

Signal Messenger tests feature to encrypt sender identity along with message

Posted on October 29, 2018 by Zaid Shoorbajee

Signal, the encrypted messaging app, is testing a new “sealed sender” feature that aims to limit even further the amount of information it transmits, the company announced on Monday. By the nature of the app, messages sent via Signal are end-to-end encrypted, meaning only the sender and recipient have the key to view the contents of the message. In the newest beta, the app will allow users to encrypt the identity of the sender In a blog post, the company explains that Signal traditionally uses the Transport Layer Security (TLS) protocol to validate the sender’s identity and inform the recipient who that is. That means that, while the contents are encrypted, the sender’s and receiver’s identity can be intercepted. With the new feature, the app can also encrypt the sender certificate. The recipient’s client then decrypts the “envelope” containing the sender information with their own identity key. “While the service […]

The post Signal Messenger tests feature to encrypt sender identity along with message appeared first on Cyberscoop.

Continue reading Signal Messenger tests feature to encrypt sender identity along with message→

University DDoS attack leads to $8.6 million fine, house arrest for New Jersey man

Posted on October 26, 2018 by Zaid Shoorbajee

One of the masterminds behind the massive Mirai botnet attack of 2016 has been sentenced after pleading guilty to another set of disruptive attacks on Rutgers University between 2014 and 2016, the U.S. Attorney’s Office for New Jersey announced Friday. The Department of Justice says that between 2014 and 2016, Paras Jha violated the Computer Fraud and Abuse Act by launching several distributed denial-of-service (DDoS) attacks on Rutgers University, flooding the university’s network with internet traffic. His attacks paralyzed a central server at Rutgers that maintained a portal that students and faculty use for assignments, prosecutors say. “Jha succeeded in taking the portal offline for multiple consecutive periods, causing damage to Rutgers University, its faculty, and its students,” the DOJ announcement said. For the crime, the 22-year-old from Union County, New Jersey, is being ordered to pay $8.6 million in restitution, serve six months of house arrest, and perform 2,500 hours […]

The post University DDoS attack leads to $8.6 million fine, house arrest for New Jersey man appeared first on Cyberscoop.

Continue reading University DDoS attack leads to $8.6 million fine, house arrest for New Jersey man→