macOS High Sierra Available—And Vulnerable to Keychain Attack

Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched.

Rapidly growing bug bounty company Bugcrowd names new CEO

The operator of one of the leading bug bounty platforms, California-based Bugcrowd, announced Monday that it will be taking a new direction with a leadership change. Chief Executive Officer Casey Ellis is stepping down to become chairman and chief technology officer of the company, which he helped launch in 2012 and which now employs more than 100 people. Bugcrowd has experienced rapid growth over the last several years, having secured a number of contracts with the U.S. government and multiple Fortune 500 companies. Bug bounty companies pool the services of independent security researchers. Under the niche industry’s unique crowdsourcing model, those freelance hackers are paid for finding bugs in clients’ systems. In an interview with CyberScoop, Ellis said he made the decision to bring in an experienced and successful businessman in Ashish Gupta, a former chief marketing officer and executive vice president with cybersecurity firm Infoblox, to run day-to-day operations because he believed that […]

The post Rapidly growing bug bounty company Bugcrowd names new CEO appeared first on Cyberscoop.

Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers to run code as root.

macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities

This week at Black Hat, Mac malware expert Patrick Wardle will describe how he used a custom-built command and control server to analyze new spying capabilities in a variant of the FruitFly backdoor.

Hidden Mac malware designed to spy on ‘everyday people’

A unique Mac malware family that allows for a hacker to remotely spy on a targeted computer and install additional malicious software has been infecting U.S.-based machines for more than five years, according to Patrick Wardle, director of research with vulnerability testing firm Synack. The actor responsible for the malware, dubbed FruitFly, is believed to be an individual hacker who has over the years continuously updated and improved a distinctive suite of hacking tools tailored for breaking into Apple computers. Based on a forensic analysis of the malware, it’s likely that the hacker is not financially motivated or connected to a foreign intelligence service, said Wardle, a former NSA staffer. “This looks like a single attacker. And based on the malware’s capabilities, it seems like they did some pretty pervasive and intrusive stuff,” Wardle said. “The way the malware works it’s just not very scalable, this isn’t how an APT […]

The post Hidden Mac malware designed to spy on ‘everyday people’ appeared first on Cyberscoop.

U.S. launches ‘Hack the Air Force’ bug bounty program

The U.S. Air Force launched a new bug bounty program dubbed “Hack the Air Force” on Wednesday, continuing a trend within the U.S. military that began last year with Hack the Pentagon and Hack the Army. Before the Pentagon’s bug bounty programs launched, it was illegal to search for vulnerabilities on Defense Department networks. The trend has extended overseas, as well, with the U.K. government’s announcement of its own bug bounty program last month. The Air Force program is directed by HackerOne, the bug bounty platform behind Hack the Pentagon that just raised a $40 million investment in February, and Luta Security, the security consulting firm driving the U.K. program. HackerOne and Luta Security are partnering to deliver up to 20 bug bounty challenges over three years to the Defense Department. “This outside approach — drawing on the talent and expertise of our citizens and partner-nation citizens — in identifying our security vulnerabilities will […]

The post U.S. launches ‘Hack the Air Force’ bug bounty program appeared first on Cyberscoop.

Synack raises $21.25 million in Series C round

The company best known for assembling a team that took only four hours to find critical vulnerabilities in U.S. military systems announced Tuesday a $21.25 million Series C funding round led by Microsoft Ventures. Total investment in the Silicon Valley firm, Synack, is now $55.25 million. Its bug bounty and penetration testing platform operates with a more closed and exclusive model than competitors, as the company aims to emphasize actionable intelligence and minimize noise. Founded by two former NSA researchers, Synack vetted a team of white-hat hackers that found 138 vulnerabilities overall as part of the official Hack the Pentagon program, which is set to expand in the coming years. It was conducted in concert with HackerOne, another bug bounty platform that received $40 million in Series C funding in February. Compared with competitors, Synack employs a relatively smaller and more heavily vetted pool of hackers to work with clients. The process to get on Synack’s red team involves an application, interview, skill […]

The post Synack raises $21.25 million in Series C round appeared first on Cyberscoop.

Security startup Synack scores $21 M investment from Microsoft, HPE and Singtel

Synack, a startup that combines software security tools with a network of white-hat hackers to help keep its customers secure, announced a $21.25 million Series C funding round today. The round was led by Microsoft Ventures with participation from Hewlett Packard Enterprise and Singtel Innov8. Previous investors GGV Capital, GV (formerly Google Ventures) and Kleiner Perkins Caufield &…