Unlike other security solutions, Attivo focuses on detecting the threats that have bypassed perimeter security controls, which all determined attackers eventually do. Highly authentic deception traps, along with data, application, and credential lures are deployed to attract an attacker into engaging and revealing their presence. This is quick, efficient, and customers have cited being able to detect and respond to threats in 15 minutes, a dramatic difference compared to the 100+ days of dwell time that many organizations contend with. The solution also adds continuous detection value throughout the phases of the kill chain.
Heightened attention to cybersecurity offensive countermeasures. Cybersecurity has been mostly defense-oriented, but this has never been sufficient. Moving forward, we will see more companies spring up along the lines of Attivo Networks, a leader in deception solutions. Attivo applies deception-based decoy and luring technologies within networks to misdirect attackers and deceive them into revealing themselves. (Disclosure: My firm has invested in Attivo.)
A 20-year-old Florida man was responsible for the large data breach at Uber Technologies Inc last year and was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters.
Uber announced on Nov. 21 that the personal data of 57 million users, including 600,000 drivers in the United States, were stolen in a breach that occurred in October 2016, and that it paid the hacker $100,000 to destroy the information. But the company did not reveal any information about the hacker or how it paid him the money.
Uber made the payment last year through a program designed to reward security researchers who report flaws in a company’s software, these people said. Uber’s bug bounty service – as such a program is known in the industry – is hosted by a company called HackerOne, which offers its platform to a number of tech companies.
Reuters was unable to establish the identity of the hacker or another person who sources said helped him. Uber spokesman Matt Kallman declined to comment on the matter.
Newly appointed Uber Chief Executive Dara Khosrowshahi fired two of Uber’s top security officials when he announced the breach last month, saying the incident should have been disclosed to regulators at the time it was discovered, about a year before.
It remains unclear who made the final decision to authorize the payment to the hacker and to keep the breach secret, though the sources said then-CEO Travis Kalanick was aware of the breach and bug bounty payment in November of last year.
Yesterday, a huge outbreak of phishing emails was discovered around 11:30 PT when an unknown organization sent out emails saying that someone from the recipient’s contacts list shared a Google document with them. A Google spokesperson said that the company has disabled the accounts where the hack originated. The attack affected approximately 1 million accounts, and hopefully none of your employees were one of them. Here is what Google put out late last night:
Weebly, a San Francisco-based company that has allowed more than 40 million people create websites with since 2007; will start sending notification letters to all of their customers on Thursday, informing them of a data breach that occurred eight months ago.
The breach, affecting 43,430,316 customers, happened February 2016, but the root cause remains unknown. The compromised database is just now coming to the public’s attention after an anonymous source sent it to LeakedSource.
India is dealing with one of the worst data breaches ever to hit the country with as many as 3.2 million debit card details stolen from multiple banks and financial platforms.
On Thursday, the Economic Times reported that malware was used to compromise the Hitachi Payment Services platform, used to power India’s ATM, point-of-sale (PoS) systems and other financial transactions.
This infection then affected the State Bank of India (SBI), ICICI, Yes, Axis and HDFC, which are said to be the hardest hit. The Visa and Mastercard networks are also allegedly affected by the data breach — which took roughly six weeks to detect.
Bitfinex, one of the most popular cryptocurrency exchanges online, has suffered a major hack. The company has posted a note on its website detailing the security breach, and while it doesn’t mention a total amount, one of their employees confirmed on Reddit that the total amount stolen was 119,756 bitcoins.
That amount converts to about $77,000,000 based on a price of $650 USD per bitcoin, which is about what bitcoin traded at over the course of the last week.
After news of the hack spread, the price of bitcoin dropped almost 20 percent, settling in around the current price of $540 USD per bitcoin. It’s not exactly clear why the price dropped, but it’s likely bitcoin investors got nervous about potential hacks on other exchanges and decided to sell off their bitcoin holdings, which led to a rapid decrease in price.
A data breach has been reported at Google’s California unit which may have exposed employees’ social security numbers. The company notified the employees about the breach saying that it occurred at a third party company that Google is in business with.
A document was allegedly sent from the third party firm to the benefits manager at another company, according to the breach disclosure. The document contained certain personal information of some Google employees which Alphabet says is restricted to social security numbers.
The latest count from the Identity Theft Resource Center (ITRC) reports that there has been a total of 139 data breaches recorded through March 8, 2016, and that nearly 4.3 million records have been exposed since the beginning of the year. The total number of records soared last week following a report from 21st Century Oncology that 2.2 million patient records may have been compromised in October 2015 but not reported until now. The prior week’s total number of exposed records was around 1.8 million.