Tag: security | Page 3

KnowBe4 Acquires Egress to Enhance Email Security With AI

April 26, 2024/in Internet Security

KnowBe4, a provider of security awareness training and simulated phishing platforms, has acquired Egress, which specializes in adaptive and integrated cloud email security. Financial terms were not disclosed.

This is technology M&A deal number 105 that ChannelE2E and MSSP Alert have covered so far in 2024. See more than 2,000 technology M&A deals for 2024, 2023, 2022, 2021, and 2020 listed here.

KnowBe4, which hosts a popular integrated security awareness training and simulated phishing platform, was founded in 2010, and is based in Clearwater, Florida. The company has 1,844 employees listed on LinkedIn. KnowBe4’s areas of expertise include internet security awareness training, network security, cybercrime prevention, and more.

Egress, founded in 2007, is based in London, England. The company has 329 employees listed on LinkedIn. Egress’ areas of expertise include anti-phishing, email data loss prevention, DLP, email encryption, email security, machine learning, secure file sharing, and secure collaboration.

About The Deal

The integration is expected to enhance KnowBe4’s email security measures by incorporating Egress’ Intelligent Email Security suite into its offerings, according to the company.

Both companies have recently announced developments related to their technology offerings. KnowBe4 introduced its AI-native platform, Artificial Intelligence Defense Agents (AIDA). Egress also launched its AI-powered Automated Abuse Mailbox earlier in the year.

KnowBe4 Acquires Egress: Executive Insights

Stu Sjouwerman, CEO, KnowBe4, commented:

“The future of security is personalized AI-driven controls and real-time coaching. By providing a single platform from KnowBe4 and Egress, our customers will benefit from differentiated aggregate threat detection to stay ahead of evolving cyber threats and foster a strong security culture.”

Tony Pepper, CEO, Egress, said:

“KnowBe4 and Egress have a shared vision of delivering tailored and relevant security to each employee. One of the biggest challenges organizations face is accurately identifying who the next source of compromise is – and why. By combining intelligence and analytics from integrated applications, companies can gain valuable insights…

Source…

Android 15 could feature extra security to protect users from shady sideloaded apps

April 25, 2024/in Mobile Security

We’ve been hearing a lot about Android 15 recently, and Google has confirmed that there’s an emphasis on privacy and security in this version of the mobile operating system. Part of that may include extra security features when side loading and installing apps from places other than the Google Play Store.

According to Mishaal Rahman at Android Authority, Android now contains code hinting at something called “Enhanced Confirmation Mode”. While the feature itself isn’t included in the Android 15 beta just yet, it seems it’s designed to improve security surrounding app installation settings and expand upon Android 13’s Restricted Settings feature.

Restricted Settings was designed to limit the capabilities of apps users installed from anywhere other than Google Play. Specifically this stops users from being able to enable Accessibility or Notification Listener services for sideloaded apps — which helps improve data security when the source is unknown.

Enhanced Confirmation Mode will work in tandem with Restricted Settings to deny sideloaded apps access to sensitive data — in case that they come from a malicious source. Specifically it’s designed to prevent misuse of a session-based installation API, which exploits the system Android uses to determine whether an app came from Google Play or not.

Specifically it’s designed to prevent misuse of a session-based installation API, which exploits the system Android uses to determine whether an app came from Google Play or not.

It does this by checking an allowlist in the system settings, checking for an XML file that’s loaded into the factory image. Without this the app won’t be able to bypass these security restrictions and access services like Accessibility or Notification Listener. Any attempts to try will see a specific ECM dialog explaining that these permissions are not available.

However it’s unclear whether there will be an option to exempt certain apps with ECM, as is the case with Restricted Settings. It’s also unclear if well known third party app stores, like Amazon’s, will be exempt from these restrictions.

The ability to sideload on Android is a fantastic one, though it does come with plenty of risks. So…

Source…

Israeli cyber security company Check Point beats quarterly profit estimate, ET Telecom

April 25, 2024/in Internet Security

The Israeli-based company said it earned $2.04 per diluted share excluding one-off items in the January-March quarter, up 13% from a year earlier. Revenue grew 6% to $599 million.

Updated On Apr 25, 2024 at 03:11 PM IST

JERUSALEM: Check Point Software Technologies on Thursday reported a higher than expected profit for the first quarter, helped by double-digit growth in its AI-powered security platform, which constituted more than 13% of total revenue.

The Israeli-based company said it earned $2.04 per diluted share excluding one-off items in the January-March quarter, up 13% from a year earlier. Revenue grew 6% to $599 million.

It was forecast to earn $2.00 a share on revenue of $594.88 million, according to LSEG data.

Check Point said it bought back about 2 million shares in the quarter, worth $325 million, as part of its ongoing $2 billion share buyback programme.

Published On Apr 25, 2024 at 03:03 PM IST

Most Read in Internet

Source…

The Impacts of AI on Cyber Security Landscape

April 25, 2024/in Internet Security

AI’s newfound accessibility will cause a surge in prompt hacking attempts and private GPT models used for nefarious purposes, a new report revealed.

Experts at the cyber security company Radware forecast the impact that AI will have on the threat landscape in the 2024 Global Threat Analysis Report. It predicted that the number of zero-day exploits and deepfake scams will increase as malicious actors become more proficient with large language models and generative adversarial networks.

Pascal Geenens, Radware’s director of threat intelligence and the report’s editor, told TechRepublic in an email, “The most severe impact of AI on the threat landscape will be the significant increase in sophisticated threats. AI will not be behind the most sophisticated attack this year, but it will drive up the number of sophisticated threats (Figure A).

Figure A: Impact of GPTs on attacker sophistication. Image: Radware

“In one axis, we have inexperienced threat actors who now have access to generative AI to not only create new and improve existing attack tools, but also generate payloads based on vulnerability descriptions. On the other axis, we have more sophisticated attackers who can automate and integrate multimodal models into a fully automated attack service and either leverage it themselves or sell it as malware and hacking-as-a-service in underground marketplaces.”

Emergence of prompt hacking

The Radware analysts highlighted “prompt hacking” as an emerging cyberthreat, thanks to the accessibility of AI tools. This is where prompts are inputted into an AI model that force it to perform tasks it was not intended to do and can be exploited by “both well-intentioned users and malicious actors.” Prompt hacking includes both “prompt injections,” where malicious instructions are disguised as benevolent inputs, and “jailbreaking,” where the LLM is instructed to ignore its safeguards.

Prompt injections are listed as the number one security vulnerability on the OWASP Top 10 for LLM Applications. Famous examples of prompt hacks include the “Do Anything Now” or “DAN” jailbreak for ChatGPT that allowed users to bypass its restrictions, and when a…

Source…

Tag Archive for: security

About The Deal

KnowBe4 Acquires Egress: Executive Insights

Most Read in Internet

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETTelecom App

Emergence of prompt hacking