News this week revolved around product launches, new appointments and funding. The vendor news came from Bugcrowd, Egress and JumpCloud.

Forter has appointed two senior executives to its leadership team to strengthen the company.

Bugcrowd

Bugcrowd has secured $102 million in strategic funding. The announcement comes just a few weeks after the company launched its CrowdConnect Partner Program. The money is to help it scale its AI-powered crowdsourced security platform globally. The investment was led by General Catalyst and included Rally Ventures and Costanoa Ventures.

The investment also sees a significant change in the way the board is structured. Mark Crane, Partner at General Catalyst and Paul Sagan, Senior Advisor at General Catalyst, will join the Bugcrowd Board of Directors. Sagan will also step into the Board Chair role. Jeff Simon, Chief Security Officer at T-Mobile and Prabhath Karanth, Vice President and Global Head of Security and Trust at Navan, join the advisory board to serve alongside David Fairman, CIO & CSO – APAC at Netskope.

“We are excited to add General Catalyst as a partner, as well as these key visionaries to our Board of Directors, to support the next phase of Bugcrowd’s growth,” said Dave Gerry, CEO, Bugcrowd.

Egress

Egress and CyberWhite have teamed up to bring AI-powered email to organisations. With email still the most common threat vector, increasing email security is essential for organisations. It was CyberWhite who initiated this deal as it looked for an email solution to protect customers from advanced phishing attacks, human error, and data exfiltration.

David Horn, Co-Founder and CTO at CyberWhite, said: “At CyberWhite, we prioritize our customers’ security over everything else. We have built our market reputation by helping organizations solve their most complex cybersecurity challenges.

“By partnering with Egress, we can provide businesses with access to the leading email security platform that intelligently detects and prevents both inbound and outbound threats. Consequently, we can ensure our customers have the security controls that they need to protect their people, clients, and organizations. We have strong relationships with the team at Egress and we’re excited to see this partnership rapidly accelerate the growth of both organizations.”

FBI

A Ukrainian national, Mark Sokolovsky, has been extradited to the United States from the Netherlands. He has been indicted for fraud, money laundering and aggravated identity theft.

Sokolovsky operated the Raccoon Infostealer as a malware-as-a-service or “MaaS.” It allows people to steal data from victims. Cybercriminals leased access to the malware for approximately $200 per month, paid for by cryptocurrency. They then create campaigns to get people to install the malware onto their computers.

Tuong Quoc Ho, a/k/a Robert Parker, 36, a resident of Carmel, Indiana, has been sentenced to 102 months in federal prison. He was convicted of devising and running a complex international scheme to defraud multiple victims across the US. The total amount of money involved was $2 million.

The gang used stolen PII, including credit cards and fraudulent PayPal and eBay accounts. They sold goods they didn’t have to hundreds of victims throughout the United States and worldwide. Many of the goods sold were sold at below purchase price allowing them to launder stolen money from the credit cards.

Jumpcloud

Jumpcloud has signed a deal with Bulgarian company Cloud Office (in Bulgarian), which will now sell its products across Central and Eastern Europe (CEE). Cloud Office specialises in the implementation, consulting and resale of Google Cloud and Google Workspace. It already has over 600 customers across CEE and Jumpcloud will hope that this allows them to build a footprint in the region.

Jumpcloud has also released a report, “State of IT 2024: The Rise of AI, Economic Uncertainty, and Evolving Security Threats” (registration required). One of the focus points of this report was the impact of artificial intelligence (AI) on identity management and security challenges.

Of interest, the report showed:

  • Organizations are actively planning for AI: Just 13% of organizations do not currently have any plans to implement AI initiatives and 76% agree their organization should be investing in AI.
  • Admins optimistic about AI: 79% report that AI will be a net positive, versus just 6% who see it as a net negative. Most admins agree their organizations are approaching AI adoption at exactly the right speed (55%). Roughly equal amounts think they are moving too quickly (22%) or too slow (19%).
  • IT teams are wary about AI’s potential for organizational security and career: 62% agree that AI is outpacing their organization’s ability to protect against threats overall, and nearly half (45%) worry about AI’s impact on their job.

NOYB

NYOB has filed a complaint against German credit agency SCHUFFA with the Hessian data protection authority. It alleges that SHUFFA is making it extremely hard for people to gain a free copy of their data. It does this through manipulative website designs that make it hard to get their data.

The people most affected are those seeking to rent accommodation. Renters ask for evidence of financial reliability when they look to rent. SCHUFFA, instead of providing this for free, tries to get people to use its “BonitätsAuskunft”, which costs €29.95. It further obfuscates the right to free data by saying the BonitätsAuskunft offers an advantage on the housing market.

NOYB also asked 28 NGOs to urge European DPAs to reject the €250 Pay or Okay privacy fee from Facebook and Instagram. The pressure on NGOs comes ahead of the European Data Protection Board (EDPB) ruling as to the legality of this fee. The fear is that if Meta is allowed to do this, other companies will follow suit. That would significantly impact the fundamental right to data protection for EU citizens.

US Department of Justice

The US DoJ gave an update on a January 2024 operation to deal with a botnet controlled by the Russian GRU. The botnet compromised hundreds of small office/home office (SOHO) routers. it was being used by GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, to conceal and otherwise enable a variety of crimes.

Unlike earlier botnets, this one was built on the Moobot malware. It was installed on Ubiquiti Edge OS routers that still used publicly known default administrator passwords. The DoJ manipulated the malware into deleting its own software on the routers.

“The Justice Department is accelerating our efforts to disrupt the Russian government’s cyber campaigns against the United States and our allies, including Ukraine,” said Attorney General Merrick B. Garland. “In this case, Russian intelligence services turned to criminal groups to help them target home and office routers, but the Justice Department disabled their scheme. We will continue to disrupt and dismantle the Russian government’s malicious cyber tools that endanger the security of the United States and our allies.”

Security news from the week beginning 5th February 2024

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here