Tag Archive for: box

Hack the Box, a gamified cybersecurity training platform with 1.7M users, raises $55M


There’s long existed a divide in the world of computer hacking between those who are taking a malicious approach to crack a system, and those who are using the same techniques to understand the system’s vulnerabilities, help fix them, and at the same time to fight against the malicious actors. Today, Hack the Box, one of the startups that’s built a platform to help cultivate more of the latter group with a gamified approach, is announcing $55 million in funding to expand its business after racking up 1.7 million users.

The funding is being led by Carlyle, with Paladin Capital Group, Osage University Partners, Marathon Venture Capital, Brighteye Ventures, and Endeavor Catalyst Fund also participating.

The UK startup is not disclosing valuation at the moment. But for some context, according to PitchBook, the startup, based out of England but with offices in New York and with founding roots out of Greece — where it also has an office (and where it seems rumors of this round leaked out a couple of days ago) — had raised just over $24 million since being founded in 2017 (with about $15 million of that in equity: the company says it’s now raised about $70 million). Its last valuation, previously updated in 2021 after it raised $10.6 million, was a very modest $52 million.

“Modest” because the scale of what the company has achieved is pretty impressive. The 1.7 million community members that use the platform cover both individuals who have joined HTB on their own steam to learn skills and get certifications, as well as some 1,500 enterprises, universities, governments and other organizations that have sent their teams to HTB to be put through their paces.

The company says it currently runs some 450 “hacking labs” across more than 300 machines. Similar to companies like Kahoot (which, to be clear, works in a very different environment: K-12 education and corporate training), the idea with HTB is that its learning environment is built around gamification: simulations with avatars and narrative scenarios designed to throw users into exercises built to mimic classic cyber hacks of varying and increasing sophistication. It also has a “pro lab” tier that takes on typical network…


Australian black box website security checker unveiled | Information Age



Most websites are vulnerable to attack, whether it’s opportunistic or intentional hacking, and the return on investment for cyber criminals can be substantial.

While website security scanning offers a line of protection, it’s not infallible.

To improve screening, a team of Australian and international researchers has just developed a new scanning tool to make sites less vulnerable to cyberattacks.

The black box security assessment prototype, tested by engineers in Australia, Pakistan and the UAE, was found to be more effective than existing web scanners.

UniSA mechanical and systems engineer Dr Yousef Amer, a member of the research team, said the researchers have been able to highlight numerous security vulnerabilities in website applications using the prototype.

Against a backdrop of escalating and more severe cyberattacks, and despite a projected $170 billion global outlay on internet security in 2022 according to Varonis, existing web scanners are falling way short when it comes to assessing vulnerabilities, noted Amer.

“We have identified that most of the publicly available scanners have weaknesses and are not doing the job they should,” said Amer.

These existing tools have lower precision, accuracy and recall when detecting web application vulnerabilities.

In addition, there are some vulnerabilities that most tools are unable to detect.

Dr Amer explained that the black box prototype has better crawler coverage because it uses the high-performing Arachni crawler.

“This enables us to find all possible web pages associated with the main website,” he told Information Age.

Serious vulnerabilities need to be identified

The researchers compared 11 publicly available web application scanners against the top 10 vulnerabilities in web applications and APIs identified by the Open Web Application Security Project (OWASP).

“We found that no single scanner is capable of countering all these vulnerabilities, but our prototype tool caters for all these challenges.

“It’s basically a one-stop guide to ensure 100 per cent website security,” he said.

The vulnerabilities included broken access control that…


Fake Binance NFT Mystery Box bots steal victim’s crypto wallets



A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories.

Binance mystery boxes are sets of random non-fungible token (NFT) items that people buy, hoping they’ll receive a unique or rare item at a bargain price. Some of the NFTs found in these boxes can be used to add rare cosmetics or personas within online blockchain games.

Mystery boxes are trendy in the NFT market because they give people the joy of the unknown and the potential for a big payday if they land a rare NFT. However, marketplaces like Binance offer them in limited numbers, making some boxes hard to get before they run out of stock.

This is why interested buyers often deploy “bots” to acquire them, and it’s precisely this hot trend that the threat actors are trying to take advantage of.

YouTube and GitHub abuse

According to a new report by Netskope, threat actors are creating YouTube videos to entice potential victims into downloading and installing the malware on their computer, thinking they’re getting a free mystery box scalper bot.

Malicious YouTube videos (Netskope)

BleepingComputer confirmed that the videos listed in the indicators of compromise are still available on YouTube, albeit having a low number of views.

There likely are many more than those spotted by Netskope, and it’s also possible that previous scam videos with a higher number of views were reported and taken down by YouTube moderators.

The threat actors uploaded the videos between March and April 2022, and they all feature a link to a GitHub repository that supposedly hosts the bot but, in reality, distributes RedLine.

Video description leading to a GitHub download (Netskope)

The dropped file is named “BinanceNFT.bot_v1.3.zip”, and it contains a similarly named executable (the payload), a Visual C++ installer, and a README.txt file.

Files contained in the dropped ZIP archive (Netskope)

RedLine requires the VC redistributable installer to run since the program is developed in .NET, while the text file contains the installation instructions for the victim.

Readme file instructions (Netskope)


Ransomware, economic accelerator and patent box bills lapse


Legislation introducing a ransomware penalties regime, a $1.6 billion economic accelerator and the long-awaited patent box are among the bills which have now lapsed after failing to be passed before the announcement of the May federal election.

A number of tech-focused bills remained in Parliament upon Prime Minister Scott Morrison calling the election for 21 May over the weekend, meaning they have lapsed and will have to be introduced by the new government.

These include the federal government’s ransomware bill, which would have introduced tougher penalties for ransomware criminals and mandatory incident reporting for larger businesses subject to an attack.

These reforms were announced in mid-October, but the bill never made it past the lower house.

Legislation launching the $1.6 billion Australian Economic Accelerator, announced as part of the commercialisation package in February, has also lapsed. The accelerator will issue grants to support arrangements to increase industry-led study and post-graduate research, and to assist universities to undertake research.

The accelerator will function as a three-stage program aiming to transform early-stage research into viable businesses.

The Coalition also failed to pass legislation launching a patent box after first announcing the scheme in last year’s May budget. The patent box would have initially only applied to the medical technology and biotech industries, offering tax breaks on IP commercialised in Australia.

While this legislation has now lapsed, the government did announce a series of updates to the scheme in this year’s budget, including to expand it to the agricultural and low-emissions technology industries.

The government had also been attempting to cap the amount the Medical Research Future Fund can disburse each year, but legislation facilitating this has now lapsed.

Under the Coalition’s plan, the fund would be limited to disbursing $650 million annually from 2022-23, down from the $1.2 billion withdrawn in 2020-21.

This plan had been slammed by the Opposition, which said it would “undermine medical research”.

A bill which would allow business communication documents to be signed or…
