Firewall Friday

Weekly Cyber Activity — October 19th, 2018

Jim Rabuck
4 min read · Oct 23, 2018

Assuming you’ve heard the news, let me be the 5th person to tell you that Google+ isn’t secure and is planning on ending its service. It should also not come as a surprise that Facebook is looking to make a big splash in the security market with the acquisition of a “Major” Cybersecurity company. Perhaps your favorite security vendor will come with a Facebook.com ending ;).

Cybersecurity Financing Activity

  • CybelAngel, which protects organizations across the dark web, raised $12M Series A from Bpifrance and Serena Capital. The company has raised $16M to date from Serena Data Ventures, adding Bertrand Diard to their Board of Directors.
  • Mission Secure Inc, a cybersecurity company that delivers visibility and protection in the energy industry, raised an $8M Series A led by Energy Innovation Capital and Chevron Technology Ventures, with participation from R/GA Ventures and Macquarie Capital. The company has raised $10.4M to date from investors including Blue Bear Capital, Felton Group, and the University of Virginia Seed Fund.
  • Hmatix, which makes hardware securing medical devices and Industrial IoT, raised $500K from 1+ undisclosed backers. This funding paves the way for the stealth startup tackling the IoT market.
  • Hysolate, a solution that helps turn user devices into isolated virtual machines, raised an $18M Series B, led by Bessemer Venture Partners and Innovation Endeavors. The company has received $23M in funding so far from investors including the cybersecurity think tank Team8.
  • Darktrace, which uses AI and machine learning to detect cyber threats, raised a $50M Series E led by Vitruvian Partners. Darktrace has raised $229M to date from KKR & Co., TenEleven Ventures, Insight Venture Partners, SoftBank and Summit Partners.

Cybersecurity M&A Activity

  • Facebook is looking to acquire a “Major” Cybersecurity company in the wake of a recent breach.
  • Quorum Software, a digital transformation service company that serves the Oil and Gas industry, was acquired by Thoma Bravo for an undisclosed amount.
  • Redlock, a cloud security startup that provides visibility and automated threat detection, was acquired by Palo Alto Networks for $173M. Redlock previously raised $12M funding from Sierra Ventures, Storm Ventures, and Dell Technologies Capital.
  • Hivint, which provides access to information security management systems, was acquired by Optus for $23.3M.
  • https://index.co/market/cyber-security/companies

Other Relevant Cyber News

  • SparkLabs, an accelerator group for startups, is expanding to DC with an accelerator for cybersecurity and blockchain startups. Brian Park and Mike Bott are leading the charge. Applications open January 2019; contact brian@sparklabcyber.com.
  • Shasta Ventures, an early-stage venture firm, has brought on three new hires to build a deeper cybersecurity foundation. Balaji Yelamanchili, Izak Mutlu, and Drew Harman were brought in to continue investing in cyber. Shasta has invested between $40–50M in cybersecurity in 2018.

Top Attacks and Breaches

  • The Pentagon has admitted a breach where an attacker appears to have compromised a third-party contractor and used the vendor’s access to the Pentagon network to steal travel data for Department of Defense personnel. This may have revealed personal and credit card information of at least 30,000 employees.
  • Google has announced that it plans to shut down its social media network Google+, after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. This breach has potentially affected up to 500,000 accounts.
  • Financially motivated attackers have been exploiting Drupal vulnerabilities, including Drupalgeddon2 and Drupalgeddon3, to install a backdoor on the infected systems and take full control of the hosted platforms.
  • FitMetrix, a fitness software company, has exposed millions of customer records online, publicly available and unprotected. The exposed records include name, gender, email address, birth date, home and work phone, height, weight and much more.
  • A new cyber espionage group has been revealed, tracked as “Gallmaker”. The group has targeted entities in the government, military and defense sectors in Eastern Europe and the Middle East since at least 2017, mainly using fileless attacks and publicly available hack tools.
  • A new campaign lures victims into downloading a fake Adobe Flash update containing code that downloads and executes an XMRig cryptominer on Windows systems.

Vulnerabilities and Patches

  • Microsoft has released its monthly Patch Tuesday update for October 2018, fixing a total of 49 security vulnerabilities in its products. Of the 49 flaws patched this month, 12 are rated as critical. In this batch, the company released a patch for a zero-day vulnerability in Win32k that is being actively exploited by a Middle East-based APT dubbed FruityArmor. Another patch was issued for a zero-day vulnerability in JET; third-party researchers have warned that this patch is incomplete and have released a micro-patch to fix it.
  • Adobe has released its monthly security update addressing 11 vulnerabilities in Adobe Digital Editions, FrameMaker, and Technical Communications Suite, 4 of which are rated critical.
  • Juniper Networks has patched dozens of serious security vulnerabilities. The most severe flaw could be exploited by an attacker to crash the Junos kernel by sending specially crafted MPLS packets.
  • A Google Project Zero security researcher has found a critical vulnerability in WhatsApp messenger that may allow threat actors to remotely take full control of one’s WhatsApp account through a video call in the messaging app.
  • Following the big “China-Hack” claims that China has added a microchip to motherboards that can be used for remote code execution, a supply chain security 101 view was published, pinpointing the difficulties and challenges of facing compromised-hardware scenarios.


Jim Rabuck

Department of Defense Innovation | Army Ranger | BBQ and Backcountry