Category: Security

June 11, 2019

Have I Been Pwned is looking for a new owner

By Jill T Frey

Troy Hunt has revealed he’s looking for an acquirer for the breach notification service he set up more than five years ago — aka: Have I Been Pwned.

In a blog post discussing the future of the service, Hunt details how traffic to the site has exploded since January when he uploaded a massive 773M record list of breached emails and passwords that could be used for automated unauthorized logins (aka credential stuffing).

“The extra attention HIBP started getting in Jan never returned to 2018 levels, it just kept growing and growing,” he … Read the rest

June 10, 2019

Vectra lands $100M Series E investment for AI-driven network security

By Jill T Frey

Vectra, a seven-year-old company that helps customers detect intrusions at the network level, whether in the cloud or on premises, announced a $100 million Series E funding round today led by TCV. Existing investors including Khosla Ventures and Accel also participated in the round, which brings the total raised to over $200 million, according to the company.

As company CEO Hitesh Sheth explained, there are two primary types of intrusion detection. The first is endpoint detection and the second is his company’s area of coverage, network detection and response, or NDR. He says that adding a layer of artificial intelligence improves the overall results.

“One of the keys to our success has been applying AI to network traffic, the networking side of NDR, to look for the signal in the noise. And we can do this across the entire infrastructure, from the data center to … Read the rest

June 9, 2019

Top voting machine maker reverses position on election security, promises paper ballots

By Jill T Frey

Voting machine maker ES&S has said it “will no longer sell” paperless voting machines as the primary device for casting ballots in a jurisdiction.

ES&S chief executive Tom Burt confirmed the news in an op-ed.

TechCrunch understands the decision was made around the time that four senior Democratic lawmakers demanded to know why ES&S, and two other major voting machine makers, were still selling decade-old machines known to contain security flaws.

Burt’s op-ed said voting machines “must have physical paper records of votes” to prevent mistakes or tampering that could lead to improperly cast votes. Sen. Ron Wyden introduced a bill a year ago that would mandate voter-verified paper ballots for all election machines.

The chief executive also called on Congress to pass legislation mandating a stronger election machine testing program.

Burt’s remarks are a sharp turnaround from the company’s position just a year ago, in which the election … Read the rest

June 7, 2019

Why identity startup Auth0’s founder still codes: It makes him a better boss

By Jill T Frey

If you ask Eugenio Pace to describe himself, “engineer” would be fairly high on the list.

“Being a CEO is pretty busy,” he told TechCrunch in a call last week. “But I’m an engineer in my heart — I am a problem solver,” he said.

Pace, an Argentinian immigrant to the U.S., founded identity management company Auth0 in 2013 after more than a decade at Microsoft. Auth0, pronounced “auth-zero,” has been described as like Stripe for payments or Twilio for messaging. App developers can add a few lines of code and it immediately gives their users access to the company’s identity management service.

That means the user can securely log in to the app without building a homebrew username and password system that’s invariably going to break. Any enterprise paying for Auth0 can also use its service to securely log on to the company’s internal network.

“Nobody cares about authentication, but … Read the rest

June 6, 2019

A backdoor in Optergy tech could remotely shut down a smart building ‘with one click’

By Jill T Frey

Homeland Security has given the maximum severity score for a vulnerability in a popular smart building automation system.

Optergy’s Proton allows building owners and managers to remotely monitor energy consumption and manage who can access the premises. The box is web-connected, and connects to other devices — like air conditioning and heating — in the building for real-time monitoring through a web interface.

CISA, the government’s dedicated cybersecurity unit, said the device had serious vulnerabilities.

An advisory said an attacker could gain “full system access” through an “undocumented backdoor script.” This, the advisory said, could allow the attacker to run commands on a vulnerable device with the highest privileges. Backdoors typically grant hidden or undocumented access to a system, and can be used for tech support to remotely log in and troubleshoot issues. But if found by an attacker, backdoors can also be used maliciously.

The vulnerability required a “low level” … Read the rest

June 5, 2019

SentinelOne raises $120M for its fully-autonomous, AI-based endpoint security solution

By Jill T Frey

Endpoint security — the branch of cybersecurity that focuses on data coming in from laptops, phones, and other devices connected to a network — is an $8 billion market that, due to the onslaught of network breaches, is growing fast. To underscore that demand, one of the bigger startups in the space is announcing a sizeable funding round.

SentinelOne, which provides real-time endpoint protection on laptops, phones, containers, cloud services and most recently IoT devices on a network through a completely autonomous, AI-based platform, has raised $120 million in a Series D round — money that it will be using to continue expanding its current business as well as forge into new areas such as building more tools to automatically detect and patch software running on those endpoints, to keep them as secure as possible.

The funding was led by Insight Partners, with Samsung Venture … Read the rest

June 4, 2019

Security stays hot as Imperva grabs Distil Networks

By Jill T Frey

Last week four security companies changed hands. The shopping spree continued this week with CDN company Imperva announcing it was buying bot mitigation startup Distil Networks. The companies did not share the acquisition price.

Imperva CTO Kunal Anand says his company had a narrow bot capability, but was looking to bring a more complete solution to the platform and Distil fit the bill nicely.

“When we looked at all of these different variables, and when we looked at the capabilities and the presence that they have in the market, the leadership with analysts, it felt like a no-brainer for us. And once we got to know the team, Rami, and all the folks at Distil, we thought it would be a great pairing to combine these companies,” he explained.

Distil Networks chief product and strategy officer and co-founder Rami Essaid says the paperwork to seal the deal was … Read the rest

June 4, 2019

Why four security companies just sold for $1.5B

By Jill T Frey

If you’re thinking about starting a technology company, you may want to consider focusing on cybersecurity.

Last week was an incredible M&A whirlwind with four security companies getting acquired over just a three-day period:

  • On Tuesday, FireEye bought Verodin, a five-year-old startup that helps measure the effectiveness of your cybersecurity defenses, for $250 million.
  • On Wednesday, Palo Alto Networks entered the fray, buying not one, but two Israeli security startups. The big prize was container security company Twistlock for $410 million. It also snagged serverless security company PureSec. Reports in Israeli media pegged that deal at between $60 and $70 million.
  • If that wasn’t enough for you, private equity firm Insight Partners bought 10-year-old threat intelligence company Recorded Future for $780 million.

That’s more than $1.5 billion changing hands for those of you keeping score at home. If you take a look at the four firms, … Read the rest

June 3, 2019

iOS 13 will let you limit app location access to ‘just once’

By Jill T Frey

Apple will soon let you grant apps access to your iPhone’s location just once.

Until now, there were three options — “always,” “never,” or “while using,” meaning an app could be collecting your real-time location as you’re using it.

Apple said the “just once” location access is a small change — granted — but one that’s likely to appeal to the more privacy-minded folk.

“For the first time, you can share your location to an app — just once — and then require it to ask you again next time it wants,” said Apple software engineering chief Craig Federighi at its annual developer conference on Monday.

That’s going to be helpful for those who download an app that requires your immediate location, but you don’t want to give it persistent or ongoing access to your whereabouts.

On top of that, Apple said that the apps that you do grant location … Read the rest