Tag Archive for: ‘led

Cybersecurity training startup Hack The Box raises $10.6M Series A led by Paladin Capital – TechCrunch

/in


Cybersecurity training startup Hack The Box, which emerged originally from Greece, has raised a Series A investment round of $10.6 million, led by Paladin Capital Group and joined by Osage University Partners, Brighteye Ventures and existing investors Marathon Venture Capital. It will use the funding to expand. Most recently it launched Hack The Box Academy.

Started in 2017, Hack The Box specializes in using “ethical hacking” to train cybersecurity techniques. Users are given challenges to “attack” virtual vulnerable labs in a simulated, gamified and test environment. This approach has garnered more than 500,000 platform members, from beginners to experts, and brought in around 800 organizations (such as governments, Fortune 500 companies, and academic institutions) to improve their cyber-adversarial knowledge.

Haris Pylarinos, Hack The Box co-founder and CEO said: “Everything we do is geared around creating a safer internet by empowering corporate teams and individuals to create unbreakable systems.”

Gibb Witham, senior vice president, Paladin Capital Group, commented: “We’re excited to be backing Hack The Box at this inflection point in their growth as organizations recognize the increasing importance of an adversarial security practice to combat constantly evolving cyber attacks.”

Hack The Box competes with Offensive Security, Immersive Labs, INE and eLearnSecurity (acquired by INE).

Hack The Box is using a SaaS business model. In the B2C market it provides monthly and annual subscriptions that provide unrestricted access to the training content and in the B2B market, it provides bi-annual and annual licenses which provide access to dedicated adversarial training environments with value-added admin capabilities.

Source…

Trump says there was “zero threat” in Capitol attack that led to five deaths

/in


Former President Trump on Thursday defended his supporters who laid siege to the U.S. Capitol on January 6 in an attack that resulted in five deaths, arguing they posed “zero threat.” Lawmakers were inside the Capitol that day to confirm the Electoral College results certifying Joe Biden’s presidential victory.

“It was zero threat. Right from the start, it was zero threat,” Mr. Trump said in an interview with Fox News’ Laura Ingraham. 

The flood of rioters who broke into the Capitol crushed through windows and pressed up stairways, and sent lawmakers and law enforcement running for their lives. Some of the rioters may have sought to harm or assassinate lawmakers present, according to court documents, including former Vice President Mike Pence, who was present at the Capitol to preside over the certification of election results.

The assault led to five deaths, including that of a Capitol police officer who died due to injuries sustained during the riots. Two West Virginia men were arrested for allegedly assaulting the officer, Brian Sicknick. They are accused of spraying police officers with a chemical spray.

Approximately 140 Capitol and Metropolitan police officers were seriously harmed, with Capitol Police union leader Gus Papathanasiou saying in a statement in January that injuries included cracked ribs, brain injuries, smashed spinal disks and one officer losing an eye. Two Capitol Police officers present that day died by suicide after the riots. 

Mr. Trump did acknowledge that some people “went in [to the Capitol], they shouldn’t have done it.” But he slammed federal law enforcement for “persecuting” the Capitol rioters, complaining that “nothing happens” to left-wing protesters. 

He also falsely claimed that the insurrectionists had “great relationships” with law enforcement.

“Some of them went in and they’re, they’re hugging and kissing the police and the guards. You know, they had great relationships. A lot of the people were waved in and then they walked in and they walked out,” Mr. Trump…

Source…

Microsoft Investigates Whether Leak Led to Exchange Hack: Report

/in


Illustration for article titled Microsoft Investigates Whether Leaked 'Proof of Concept' Attack Code Contributed to Exchange Hack

Photo: Jeenah Moon (Getty Images)

Hackers may have gotten their hands on inside intel that Microsoft shared with its security partners to exploit vulnerabilities in the company’s widely used email and calendaring software Exchange, according to a Friday Wall Street Journal report.

Several different hacker groups have descended on the Exchange in a series of branching cyber attacks that compromised at least 30,000 U.S. organizations. State-sponsored hackers from China reportedly exploited several zero-day vulnerabilities in Microsoft’s software, which other cyberattackers later took advantage of, to gain entry into Exchange servers and plant malicious code in order to steal large troves of email data from American businesses and local governments.

The first wave of attacks began in January and picked up steam in the week before Microsoft planned to roll out a software fix to customers, the Journal reports. Tools used in the second wave, which is believed to have begun on Feb. 28, bore several similarities to “proof of concept” attack code that Microsoft distributed to antivirus companies and other security partners just a few days earlier, people familiar with the investigation told the outlet. While Microsoft initially planned to push out a software fix on March 9, it ended up releasing the patch early, on March 2, in response to the second wave of attacks.

Microsoft uses an information-sharing network, Microsoft Active Protections Program or MAPP, to push out alerts about its product to its security partners so they can identify emerging threats. MAPP includes 80 security companies worldwide, including about 10 based in China. A subset of these organizations received the proof-of-concept code that could be used to attack Microsoft’s systems in a notification that contained technical details regarding unpatched flaws in Exchange, per the Journal. A Microsoft spokesperson declined the Journal’s request for comment on whether any Chinese companies were included in this subset.

G/O Media may get a commission

The spokesperson went on to say that Microsoft has seen “no indications” of a leak from inside the company, but if its internal investigation finds that any MAPP…

Source…

IBM led consortium wins $3.2 million German Digital Health Passport contract – Ledger Insights

/in


Yesterday German press reported that a consortium led by IBM, including blockchain cybersecurity firm Ubirch won the tender for digital vaccination certificates in Germany. The two firms beat competition from a joint initiative by Deutsche Telekom and SAP. According to the Official EU Journal the award is €2.7 million ($3.2 million), but IBM will subcontract 51% of the project.

The initiative is to create a digital version of yellow vaccine certificates. 

Frankfurter Allgemeine Zeitung reported that other consortium participants include Bechtle and Govdigital, which is a cooperative of 15 IT providers. In January, Ubirch and Govdigital were involved in a regional project in the Bavarian district of Altötting. It’s unclear whether that solution used IBM’s Digital Health Pass. 

A key feature of the regional trial was to issue a physical card, similar to a credit card but displaying a QR code. Given the first vaccines were provided to older people, the card proved popular. The QR code encodes personal information such as the name, ID and the details of the vaccination, and anyone scanning the code sees the information. The data is not saved elsewhere and the vaccine recipient can store the data on a mobile phone. When the QR code is created, a hash or fingerprint of the data is stored on a blockchain.

A similar solution for Corona test certificates has already been deployed by Ubirch at Frankfurt Airport, Berlin, Hamburg and Düsseldorf. For that, Ubrich partnered with Govdigital and Lufthansa Industry Solutions.

Ubirch positions itself as an IoT cybersecurity firm. It claims it created the world’s first blockchain-on-a-SIM solution together with 1NCE and G+D Mobile Security, a firm known as a currency solution provider to central banks.

Meanwhile, IBM’s Digital Health Pass solution is currently being trialed by the State of New York. It uses a mobile phone app and blockchain for verifiable credentials. 

There are a variety of solutions in the marketplace for COVID-19 health certificates. And airlines, in particular, are keen to adopt them. The solutions include GE Digital’s TrustOne app, IATA’s Travel Pass platform, and the 

Source…