Hunters.AI Raises $5.4M Seed Round to Equip Cybersecurity Teams with the First Autono...
- Hunters.AI, the pioneer in autonomous threat hunting, today announced $5.4M in seed funding for its mission to accelerate cyber threat response and fight cybercrime by helping organizations detect, identify and remediate sophisticated cyberattacks targeting their cloud, hybrid and enterprise environments.
- It then connects those digital traces to quickly identify and isolate attacks, and provide high fidelity and contextual attack stories, dramatically accelerating cyber threat detection and response time.
- Hunters combines its unique Attack Intelligence, Hunting AI and Continuous Automation with the enterprise’s existing security data to transform enterprise threat hunting from hunt and hope to hunting that works.
- YL Ventures accelerates the evolution of portfolio companies via strategic advice and U.S.-based operational execution, leveraging a powerful network of Chief Information Security Officers and global industry leaders.
- The firm specializes in leading Seed and Series A rounds collaborating with angel investors, other venture capital firms and strategic partners.
- This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors.
- We have developed a new type of fingerprinting attack, the calibration fingerprinting attack.
- Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint.
- Overall, our attack has the following advantages:
- The attack can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you.
- The attack takes less than one second to generate a fingerprint.
- The attack can generate a globally unique fingerprint for iOS devices.
- The calibration fingerprint never changes, even after a factory reset.
- Following our disclosure, Apple has patched this vulnerability in iOS 12.2.
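The summary above does not say how a calibration fingerprint is extracted. The following is an added toy model, not code from the page or from the SensorID researchers, and the mechanism it simulates is my own summary of the technique rather than something the page states: a calibrated sensor reading is the raw ADC integer multiplied by a per-device factory scale factor, plus an offset, so readings come out quantised in device-specific steps. A website that collects a short burst of readings can recover that step, and with it a calibration constant that does not depend on how the device was moved, which site asked, or whether the device was reset. All devices, readings and constants below are constructed.

```javascript
// Added example: toy calibration fingerprinting on constructed sensor data.
// Not the page's code and not the SensorID code; the linear calibration
// model (raw * scale + offset) is an assumption made for the illustration.

const NOMINAL_GAIN = 0.0005; // constructed: nominal sensor units per ADC count

// A simulated device carries its factory calibration: per-axis scale and offset.
function makeDevice(scale, offset) {
  return { scale, offset };
}

// Constructed readings, deterministic so the example runs offline.
// `seed` varies the raw samples (a different session or a different
// website); the scale and offset baked into the device do not change.
function collectReadings(device, seed, n = 200) {
  const readings = [];
  for (let i = 0; i < n; i++) {
    const sample = {};
    for (const axis of ['x', 'y', 'z']) {
      // raw ADC count: an integer in a narrow band around 1000
      const raw = 1000 + ((i * 37 + seed * 11 + axis.charCodeAt(0)) % 61) - 30;
      // calibrated output, the only thing a website or app gets to see
      sample[axis] = raw * NOMINAL_GAIN * device.scale[axis] + device.offset[axis];
    }
    readings.push(sample);
  }
  return readings;
}

// Recover the quantisation step of one axis from its calibrated values.
// The smallest gap between distinct values is one ADC count whenever
// adjacent counts occur in the burst; the remaining gaps are then treated
// as integer multiples of it and averaged to smooth floating-point error.
function estimateStep(values) {
  const uniq = [...new Set(values)].sort((a, b) => a - b);
  let step = Infinity;
  for (let i = 1; i < uniq.length; i++) {
    const d = uniq[i] - uniq[i - 1];
    if (d > 1e-12 && d < step) step = d;
  }
  let sum = 0, count = 0;
  for (let i = 1; i < uniq.length; i++) {
    const d = uniq[i] - uniq[i - 1];
    const k = Math.round(d / step);
    if (k > 0) { sum += d / k; count += 1; }
  }
  return sum / count;
}

// The fingerprint: the recovered per-axis scale factors, which depend only
// on the device's calibration, not on the motion sampled or the site asking.
// The offset is ignored here; gaps between readings cancel it out.
function fingerprint(readings) {
  return ['x', 'y', 'z']
    .map(axis => estimateStep(readings.map(r => r[axis])) / NOMINAL_GAIN)
    .map(scale => scale.toPrecision(6))
    .join('|');
}

// Two constructed devices with slightly different factory calibration.
const deviceA = makeDevice({ x: 1.00731, y: 0.99812, z: 1.00245 },
                           { x: 0.0123, y: -0.0041, z: 0.0077 });
const deviceB = makeDevice({ x: 1.00188, y: 1.00419, z: 0.99673 },
                           { x: -0.0056, y: 0.0099, z: 0.0012 });

// Same device, two sessions with different raw samples: same fingerprint.
const fpA1 = fingerprint(collectReadings(deviceA, 1));
const fpA2 = fingerprint(collectReadings(deviceA, 2));
const fpB = fingerprint(collectReadings(deviceB, 1));
console.log(fpA1, fpA2, fpB);
```

Because the fingerprint is a function of the calibration constants alone, nothing the user does with the device (new session, different site, factory reset) changes it; a fix has to change what the sensor API exposes to scripts, not what the script collects.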
US warns Syrian regime following allegations of chemical weapons use
- The Trump administration ordered retaliatory strikes against Syrian regime targets in 2017 and 2018 after reports of chemical weapons attacks by Assad's forces.
- Earlier on Tuesday the Russian Ministry of Defense accused Syrian rebels, including "specialists who have been trained in Raqqa city under the guidance of US intelligence officers," of planning a "false flag" chemical weapons attack to frame the Syrian regime in Idlib.
- Thousands of anti-government forces remain in Idlib, Syria, where regime troops backed by Russian airstrikes have ramped up attacks in recent days.
- US officials have acknowledged that many of the remaining rebel groups in the area have links to extremist groups such as the local al Qaeda affiliate, but officials are also wary of the humanitarian fallout that will result from large-scale regime attacks, given the large presence of civilians.
WannaCry? Hundreds of US schools still haven’t patched servers
- While conducting research as a follow-up to our coverage of Baltimore City’s ongoing ransomware attack, Ars discovered that neighboring Baltimore County’s public school system had eight publicly accessible servers that still were running in configurations that indicated they were vulnerable to EternalBlue, the Equation Group exploit exposed by Shadow Brokers in April 2017 and then used as part of the WannaCry malware a month later.
- Ars reached out to a Baltimore County Public Schools (BCPS) spokesperson last week, who responded, "I'll check with our IT team." There was no further response from BCPS, but technical data collected by Ars indicates that the school system's IT team has since configured filtering of SMB requests on the district's firewall, the bare minimum required to prevent an attack by a WannaCry clone.
The Most Expensive Lesson of My Life: Details of SIM Port Hack
- My goal is to increase awareness about these types of attacks and to motivate you to increase the security of your online identity.
- In order to describe the attack, let’s examine a typical online identity.
- The ability to port your SIM card to another device is a service that mobile carriers provide to their customers.
- The attacker ports your SIM card to a phone that they control.
- A verification code is sent from your email provider to your phone number — which is intercepted by the attacker, as they now control your SIM card.
- I want to paint a picture of how the attack was executed, how I experienced these events, and what you can do differently to protect yourself should you experience similar symptoms.
- I never took my online security that seriously because I had never experienced an attack.
How an engineer at a crypto-security startup lost $100K in a SIM-swapping hack
- Nobody is immune to SIM-swapping attacks – and one engineering lead at a cryptocurrency security startup had to learn this lesson the hard way.
- In a blog post, Sean Coonce, engineering manager at security-oriented cryptocurrency startup BitGo, has detailed how he lost $100,000 in an unfortunate SIM-swapping hack, which saw his entire Coinbase balance drained.
- By the time Coonce had woken up, the attacker had already gained access to his email and Coinbase accounts.
- Even worse, since the attacker had deleted all traces of the password recovery emails, Coonce remained unaware of this development.
- Indeed, it wasn’t until Thursday morning that Coonce finally realized he’d been targeted in an elaborate SIM-porting attack.
- Unfortunately, by then the hackers had already emptied his Coinbase funds and moved them to on-chain wallet addresses out of the exchange service’s control.
The Ledger: AT&T Blamed for Cryptocurrency Hacks, 'Game of Thrones' Meets Crypto, Barry Silbert Talks Bitcoin
- It was an exciting discussion for me, because one of the panelists, Michael Terpin, had been the victim of a SIM-swapping, or phone-number porting attack, in which thieves took control of his phone and email accounts and used their access to pillage some $24 million of Terpin’s cryptocurrency.
- But in Terpin’s case, investigators in California managed to track down at least one of the thieves, who has since pleaded guilty to stealing the crypto—and last week, days before our panel, a court awarded Terpin nearly $76 million in damages.
- (AT&T ranks No. 9 on this year’s Fortune 500 list, which we just released last week.) Terpin, who runs a blockchain-focused PR firm, alleges that the attackers took control of his phone by convincing an AT&T store employee to switch his phone number to a new device despite not knowing his PIN code.
Baltimore ransomware nightmare could last weeks more, with big consequences
- It's been nearly two weeks since the City of Baltimore's networks were shut down in response to a ransomware attack, and there's still no end in sight to the attack's impact.
- The attack was first reported by Baltimore's Department of Public Works, when the department's official Twitter account announced that its email access was cut off, and it reported phones and other systems were affected soon afterward.
- As it became clear what was happening, the city's Office of Information Technology team shut down nearly all of the city's non-emergency systems to prevent the further spread of the attack.
- It’s not clear how widespread the ransomware was within the network, but the city's email and IP-based phones were among the systems affected.
- But the Baltimore Police Department was dependent on the city's email servers, and surveillance cameras around the city have been affected by the network shutdown.
Here’s How ZombieLoad Affects Data Centers and What to Do About It
- The flaw affects nearly every Intel processor released in the past decade and is especially dangerous in multi-user environments like virtualized servers in data centers.
- Intel has already released a patch, but operating systems, hypervisors, and individual applications all need to be patched as well, especially in multi-user environments, where the patching status of other parts of the system isn't known, or if some of the patches cannot be immediately applied for some reason.
- Data center operators providing computing as a service should make sure information about their vulnerable assets doesn't leak, since anyone using shared infrastructure could be exposed, said Satya Gupta, founder and CTO at Virsec Systems.
- Data center operators need to work with their vendors to make sure there's a process in place to quickly roll out software and firmware updates, he said.
Tackling the DDoS Threat in the Complex Digital Landscape
- Most enterprises are equipped with various tools to tackle a distributed denial of service (DDoS) attack but the threat is evolving and has the power to do more damage than ever due to the introduction of new technologies.
- Attackers have improved sophistication and frequency of attempts, exploiting faster internet speeds and the adoption of new data technologies.
- Accenture’s "Reinventing the Internet to Secure the Digital Economy" report found that a high number of organizations are adopting new and emerging technologies faster than they can address related security issues.
- Thankfully, DDoS mitigation technologies and techniques are constantly improved to meet an unprecedented threat, but things may look somewhat different if protection against DDoS attacks starts with protecting your own data first.