Firewall Friday

Weekly Cyber Security Activity — March 29th, 2019

Jim Rabuck
Apr 1, 2019

BlackBerry had a very good day… and about 2 billion email addresses did not, in what is said to be the largest leak of emails — ever. Not really sure how that impacts a cyber professional's day, given that the inbox is already inundated with 200+ emails a day.

Current Cybersecurity Market

Looks like BlackBerry is having a good day (up 13.6% on Friday)… Apparently they aren’t even adding the revenue from Cylance into their reports yet. BB could become a serious player in cyber in the next year.

*As of March 29th Market close.

Cybersecurity Financing Activity

  • NS8, which offers a SaaS-based solution to defend online stores against fraud, raised a $26M round of funding led by Edison Partners, Sorenson Ventures, and Lytical Ventures, with participation from Hanna Ventures and others.
  • GreyNoise Intelligence, which provides visibility into internet background noise caused by benign sources that inflate the volume of security alerts that need to be analyzed, raised a $600K Seed round led by Inner Loop Capital and StoneMill Ventures with participation from Paladin Capital Group, Oliver Friedrichs, Bryson Bort, and Pedram Amini.
  • CyberX, which uses industrial finite state modeling to identify deviations from normal network behavior in ICS environments, raised an $18M Series B led by Qualcomm Ventures and Inven Capital, with participation from Norwest Venture Partners, Glilot Capital Partners, Flint Capital, and OurCrowd.

Cybersecurity M&A Activity

  • NexDefense, which provides ICS visibility, was acquired by Dragos to build a stronger tool set for threat detection and response in the ICS space. Terms of the acquisition are not yet known.
  • Webroot, which provides multi-vector protection for endpoints and networks, was acquired by Carbonite for $618.5M. Carbonite plans to leverage Webroot’s technology in its cloud-based security platform.

Attacks of the Week

  • Norsk Hydro ransomware.
  • MyPillow and Amerisleep targeted by Magecart hacking group.
  • Spear-phishing attack on Oregon Department of Human Services.
  • Two phishing campaigns on Netflix and AMEX.
  • FEMA data leak exposed banking details and PII of 2.3M disaster survivors.

Vulnerabilities & Patches

  • PuTTY, the popular SSH client program, has released the latest version of its software, which includes security patches for 8 high-severity security vulnerabilities.
  • WordPress websites using unpatched Social Warfare installations (v3.5.1 and v3.5.2) are exposed to attacks abusing a stored Cross-Site Scripting (XSS) vulnerability fixed in the 3.5.3 version of the plugin. Check Point IPS blade will provide protection against this threat in its next online package.
  • Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The patched vulnerabilities involve memory corruption issues with possible arbitrary code execution implications.
  • Vulnerabilities in over a dozen models of Medtronic's implantable heart defibrillators expose patients to life-threatening hacks. The examined implantable systems require no authentication and fail to use any encryption.
  • A total of 11 security flaws and vulnerabilities have been found in a recent inspection of CUJO, a firewall device designed to supply malware protection for domestic networks. CUJO has begun rolling out a system update to resolve the vulnerabilities.

Other Relevant Articles

  • How to Suck at Information Security — Cheat Sheet.
  • Pwn2Own contest for $270K results.
  • Facebook Sucks AGAIN, ruining cybersecurity for everyone.

If you think I missed something important, you can reach me at jrabuck@checkpoint.com.

Jim Rabuck

Department of Defense Innovation | Army Ranger | BBQ and Backcountry