Tag Archive for: Rides

Winnti threat group rides again with IP theft campaign


A notorious Chinese hacking outfit has managed to one-up itself with a years-long cyberespionage campaign that stole massive amounts of corporate data and intellectual property.

Referred to as “Operation CuckooBees” by Cybereason, the campaign ran from 2019 to 2021 and targeted technology and manufacturing companies in Asia, North America and Europe with the intent of lifting intellectual property and corporate secrets. According to a new two-part report from the threat detection vendor, the campaign was the work of Winnti, a Chinese state-sponsored advanced persistent threat (APT) group that has been active since 2010.

The Winnti group, also known as APT41, was able to hide itself for years inside a corporate network and steal a massive cache of valuable data from the target. Cybereason said the attack was noteworthy for its longevity and the amount of data collected on not only the target, but its partners and clients.

“With years to surreptitiously conduct reconnaissance and identify valuable data, it is estimated that the group managed to exfiltrate hundreds of gigabytes of information,” Cybereason said in a blog post published Wednesday. “The attackers targeted intellectual property developed by the victims, including sensitive documents, blueprints, diagrams, formulas, and manufacturing-related proprietary data.”

The Cybereason researchers noted that the attack was particularly nefarious in that it managed to incorporate a mixture of both zero-day vulnerabilities and known bugs that enterprises simply had not patched.

Targeting an unnamed ERP platform, the attackers infiltrated internet-facing systems using not only newly discovered exploits, but also web shell vulnerabilities that have been publicly known since as far back as 2006.

“Winnti leveraged both known and previously undocumented malware techniques, including digitally signed kernel-level rootkits,” Cybereason said. “The threat employed an elaborate, multi-stage infection chain that was critical to enabling the group to remain undetected for so long.”

Once inside the network, the Winnti hackers focused on establishing persistent connections that would allow them to tap into systems even if their initial…


Keyless Rides New Partnerships to Another $3 Million in Seed Funding


The biometric authentication startup Keyless has brought in another $3 million in seed funding. The latest round was led by the Italian venture capital firm P101 SGR, with additional support from Primomiglio SGR, Inventures, and Gumi Crypto Capital. 

The latest influx of cash brings Keyless’ total amount of seed funding to $9.2 million. According to Keyless, the new funds were secured based on the strength of a trio of new partnerships with Microsoft Azure AD B2C, OneLogin, and Auth0, all three of which are major identity and access management providers.

The $3 million reflects investor confidence in those new partnerships. Keyless noted that while companies like OneLogin and Auth0 provide other organizations with solutions that make it easier to manage employee and customer identities, they do not always develop their own biometric authentication software, and need to form alliances with companies that do. Keyless happens to be one such provider, which is why the company believes that the new partnerships will help Keyless make connections with a larger number of end users.

“Traditional multi-factor authentication can be cumbersome, expensive, and susceptible to new attack avenues,” said Keyless CEO Andrea Carmignani. “By partnering with IAM providers, we can serve the market’s need with innovative authentication solutions that are not only intuitive for users, but offer stronger protection against emerging mobile security and privacy threats.”

“Keyless offers a sophisticated solution that helps authentication and identity management providers put the user and their privacy first,” added P101 SGR Partner Giuseppe Donvito. “Embracing biometric technology that utilises a distributed cloud network not only helps eliminate fraud, phishing and account takeover threats, it also ensures that sensitive biometric information is never at risk of being lost, stolen or mishandled.”

Keyless previously brought in $2.2 million in seed funding in a round that closed in 2019. The company is hoping to capture a portion of a biometric systems market that is expected to be worth $68.6 billion by 2025.

April 16, 2021 – by Eric Weiss
