IT  Articles 2020-  H  2020  1  2  3  4  5  6  7   IT  List -  H  2021  2020  2019  2018  1 

Goldman Sachs Buys Anti-Bot Startup White Ops
29.12.2020  IT  Securityweek

Fraud and bot-detection specialists White Ops has been acquired by the Goldman Sachs merchant banking division in partnership with investment firms ClearSky Security and NightDragon.

Financial terms of the acquisition were not disclosed.

White Ops, known for its fraud-detection technology that protects businesses and online platforms from bots and automated attacks, had previously raised $31 million in venture capital funding.

Goldman Sachs was part of the earlier investments rounds alongside Clearsky and NightDragon.

Based in New York City, White Ops protects businesses and online e-commerce platforms from sophisticated bots that disrupt and hijack trillions of transactions globally.

White Ops said it grew its customer base by 40 percent in 2020 and plans to ramp up spending on expanding to new markets.

The company's Bot Mitigation Platform was used recently in tandem with the FBI, Google and Facebook to takedown 3ve, a massive botnet used to perpetuate click-fraud and other malicious attacks.

White Ops also recently uncovered ICEBUCKET, the largest and widest Connected TV (CTV) related fraud operation. The company said the the operation was highly successful until discovered, at its peak impersonating roughly 2 million users in more than 30 countries. It also counterfeited more than 300 different publishers, the researchers added.

The bots involved in the attacks were hidden “within the limited signal and transparency of server side ad insertion (SSAI) backed video ad impressions,” White Ops disclosed.

White Ops discovered that “66% of programmatic CTV-related SSAI traffic and 15% of programmatic mobile-related SSAI traffic” was part of this operation in January 2020.

Privacy Management Firm OneTrust Secures $300M at $5.1B Valuation
29.12.2020  IT  Securityweek

OneTrust, a provider of privacy, security and data governance tools, announced a $300 million Series C funding round led by new investor TCV.

The company’s valuation has nearly doubled in the past ten months, jumping from $2.7 billion when the company announced its $210 million Series B round in early 2020, to a current valuation of $5.1 billion.

Announced just before the Christmas holiday, the Series C funding brings the total amount raised to a whopping $710 million since being founded in 2016.

OneTrust says that more than 7,500 customers, including more than half of the Fortune 500, use its technology to comply with ever-changing privacy, security, and compliance requirements.

"Our mission is to build the technology platform that creates the trust fabric of an organization, while addressing the hundreds of privacy, security, and compliance requirements they are faced with today," said Kabir Barday, OneTrust CEO. "We were excited when TCV approached us for an investment. Even with most of our previously raised funds still available, their partnership allows us to further accelerate our mission, leverage our capital and currency to drive organic and inorganic growth, and deliver for our customers and partners long term."

Existing investors, including Insight Partners and Coatue, joined TCV in the funding round.

HelpSystems Acquires Data Protection Firm Vera
25.12.2020  IT  Securityweek

HelpSystems, a Minneapolis, Minnesota-based software company, announced on Wednesday that it has acquired cloud-based data protection solution provider Vera for an undisclosed amount.

Vera offers a platform that enables developers to build encryption, tracking, policy enforcement, secure file transfer and access control into applications. The company also offers a solution designed to provide organizations with control over messages and files sent out via email by their employees.

Vera Logo

“With robust policy enforcement, strong encryption, and strict access controls, Vera's data-centric security solution enables employees to collaborate freely while ensuring a high level of security, visibility, and control,” the company explains.

HelpSystems has made several acquisitions in the security space in recent years, including the acquisition of the Core Security division of Irvine, Calif.-based SecureAuth in early 2019, along with the purchase of UK-based Clearswift in late 2019. It also acquired Boulder, Colorado-based Midrange Performance Group in 2018.

Founded in 1982, HelpSystems has more than 900 employees operating from 25 offices around the world. Private equity firm HGGC acquired a controlling stake in HelpSystems in 2018 in a deal that valued the company at more than $1.2 billion.

Tufin Adds Support for Google Cloud
16.12.2020  IT  Securityweek
Security policy management firm Tufin (NYSE: TUFN) announced this week that the SecureCloud component of the Tufin Orchestration Suite now supports the Google Cloud Platform.

Adding support for Google Cloud now allows Tufin customers to secure applications across the three leading cloud providers – Amazon Web Services, Microsoft Azure, and Google Cloud.

Tufin for Google Cloud

Tufin also expanded its support for Microsoft Azure Firewall, with enhancements including the ability to automatically discover Azure Firewalls in monitored subscriptions and analyzes them for security risks and misconfigurations.

Last month, Tufin announced integration with AWS Network Firewall, a new managed security service designed to help customers add network protections across all of their AWS workloads.

Additional enhancements to SecureCloud include improved reporting capabilities, configurable security policies, support for policy exception management, and SOC2 compliance.

Oracle Says it Will Move HQ From Silicon Valley to Texas
13.12.2020  IT  Securityweek

Tech giant Oracle Corp. said Friday it will move its headquarters from Silicon Valley to Austin, Texas, and let many employees choose their office locations and decide whether to work from home.

The business software maker said it will keep major hubs at its current home in Redwood City, California, and other locations.

“We believe these moves best position Oracle for growth and provide our personnel with more flexibility about where and how they work,” the company said in a regulatory filing.

The move comes the same week that Tesla founder Elon Musk announced that he has moved to Austin. Musk had criticized California officials for restrictions designed to limit the coronavirus pandemic.

Texas Gov. Greg Abbott quickly boasted about Oracle’s decision.

“Oracle just announced they have moved their headquarters to Austin,” Abbott tweeted. “Texas is truly the land of business, jobs, and opportunity. We will continue to attract the very best.”

Texas has long targeted companies in high-cost California for relocation. This month, Hewlett Packard Enterprise, one of the early companies in Silicon Valley, said it will move to the Houston area and build a campus with two five-story buildings by 2022. In 2018, Toyota shifted its U.S. headquarters from Southern California, to Plano, Texas, a Dallas suburb.

In its most recent fiscal year, which ended May 31, Oracle reported earnings of $10.1 billion on revenue of about $39 billion. The company was founded in Santa Clara, California, in 1977 and as of May 31, employed about 135,000 people.

Divers Pull Rare Surviving WWII Enigma Cipher Machine from Bottom of the Baltic
9.12.2020  IT  Threatpost

This sealogged Nazi machine will undergo restoration.

German divers for the environmental group World Wildlife Fund were searching the ocean floor for abandoned nets threatening marine wildlife. What they found instead is a treasured piece of computing history, a World War II-era German Enigma crypto machine, sunk to the bottom of the Baltic Sea to protect its precious technology from Allied forces.

The development of the Enigma Cipher machine and the life-and-death race to crack its code wasn’t just crucial to deciding the outcome of World War II; it ushered in the modern computing age. And because the Enigma’s secure code was a guarded German secret, as Allied forced approached, the military was ordered to destroy them, leaving just 320 of them surviving today, out of the more than 25,000 built for the German army from 1929 through the end of WWII, according to Dan Perera, director of the Enigma Museum.

Enigma’s Value
Today these machines are highly sought after by governments, museums and private collectors, Perera told Threatpost. He added that Enigma machines have sold at auction priced between $190,000 and $270,000.

The WWF dive team was searching Gelding Bay in the Baltic Sea between Germany and Denmark for what they call “ghost nets,” a fishing device which gets hung up on something on the sea floor, harming marine life, Sophos Security explained. One ghost net they found was caught on something lead diver Florian Huber said his colleague described as an “old typewriter,.”

Huber said the Enigma was likely aboard one of 40 submarines sunk in the bay by the German Navy at the end of WWII. “We assume our Enigma went overboard in the course of events,” he told Sophos.

The Enigma was turned over the State Archaeological Office in Schleswig-Holstein where it will undergo a restoration process. Its first stop is back underwater for another year in distilled water to rinse the salt out of the device, Naked Security’s report added.

“Historians generally agree that the reading of secret messages sent by the German using Enigma machines shortened the war by at least two years, saved thousands of lives and deprived the Germans the time they needed to develop an atomic bomb,” Perera said.

The Allies, in their efforts to crack the Enigma’s secret code, also pushed technological boundaries.

“The Enigma machine helped birth the computer age,” Perera said. “The first functioning computers were developed as part of the Allied efforts to break the Enigma codes and the codes of other German cipher machines during WWII.”

Turing’s Cybersecurity Legacy
Alan Turing, father of modern computing, invented a computer to crack the Enigma code in 1942 and inspired generations of cryptographers to pick up his work.

“This newly found Enigma is an exciting piece of military and intelligence history,” Rock Holland, security officer and vice president of strategy at Digital Shadows told Threatpost in reaction to the discovery. “The need to crack the Enigma code gave rise to cryptoanalysis, and ultimately modern-day Signals Intelligence. Alan Turing and his colleagues at the historic Bletchley Park helped turned the tide of World War II. The U.K.’s Government Communications Headquarters (GCHQ) and the National Security Agency’s (NSA) origins can be traced to these encryption devices.”

Turning and his team of Bletchley Park codebreakers worked in secret to crack the Enigma code, building on the early work of polish mathematicians. Armed with the code, Turing ultimately developed his own computer, the Bombe. At the height of the war, 211 Bombe machines were built, cracking 3,000 German messages per day, according to the British Times.

The Bombe was an electromechanical device comprised of 36 individual Enigma machines. Each individual Enigma could be programmed to take assigned letters and mimic the encryptor’s 17,500 variable positions until it found a match, BT reported.

“There are rarely stories in last two centuries which have had a greater impact on modern technology and how society perceives it and its protagonists than this one,” Dick Schrader, global vice president at New Net Technologies, told Threatpost about Turing’s legacy, He added that current security professionals are still waging the same battles over encryption today as Turing was against the Enigma during the war.

“Using a programmable device to do the heavy lifting of mathematical operations can surely be seen the first hallmark of computing in modern history,” Schrader said. “Today, cybersecurity is often faced with the very same issues, just that our adversaries are usually not countries (and there’s no war), but we are here and put all our effort into finding technology-based solutions to problems caused by the very same technology used by attackers.”

Microsoft IE Browser Death March Hastens

27.10.20  IT  Threatpost

Internet Explorer end of support browser transition
Internet Explorer redirects more traffic to Edge Chromium browser as Microsoft warns of the upcoming demise of the once dominant browser.

As the death of the once dominant Internet Explorer (IE) draws closer, Microsoft is quickly pounding more nails into the browser’s coffin.

On Monday, Microsoft hastened its IE-to-Edge browser-transition strategy and announced new controls for users and IT staff when it comes to how the lame-duck browser will handle a growing list of websites incompatible with IE. Those include YouTube, Twitter, Yahoo Mail and 1,153 other leading internet destinations.

Microsoft also announced that in two short weeks, its own services would no longer be supported by 25-year-old browser that once crushed Netscape and other competitors. In 2004 IE enjoyed 95 percent market share. Today, an estimated 5 percent of users rely on it.

As a point of reference, the Microsoft Edge web browser comes built into Windows 10. In 2015 Microsoft said it would replace IE with Edge in an effort to support modern browser functions, such as extensions. In 2018, it announced further efforts to streamline its development — Edge be rebuilt on the Chromium rendering engine, which is the same code that Google’s Chrome browser uses.

Internet Explorer alert regarding Edge BrowserIE: The Long Goodbye
Part of IE’s shuttering entails redirecting users to the Microsoft Edge 87, to be released November 17. However, BleepingComputer reported that the redirects have already begun.

Last Monday, Microsoft explained that users of IE who visited an incompatible website would be presented with an interstitial webpage alerting them they were being redirected to Microsoft Edge. An opt-in prompt asks consent to copy a user’s browsing data and preferences from Internet Explorer to Microsoft Edge. In addition to that, a website incompatibility banner will appear below the address bar for every redirection, Microsoft said.

On Monday, Microsoft released instructions on how IT staff can change the behavior of Internet Explorer when it lands on an incompatible site.

One option is configuring IE to not redirect to Edge “RedirectSitesFromInternetExplorerPreventBHOInstall”.
A second option “RedirectSitesFromInternetExplorerRedirectMode” allows IE to open sites in Edge – and browser data and user preferences are automatically imported.
The third option doesn’t import browser data and user preferences, but hides any incompatibility warning message and redirects IE to Edge.
“Redirection from Internet Explorer to Microsoft Edge requires an Internet Explorer Browser Helper Object (BHO) named ‘IEtoEdge BHO,'” Microsoft explained.

“These policies will be available as ADMX file updates by October 26, 2020 and will be available in Intune by November 9, 2020,” wrote Microsoft. ADMX files are Windows registry-based policy settings that are XML-based and define policy settings and browser behaviors.

Security and Privacy Concerns?
For many, there will be few tears when IE is finally put out to pasture. The browser, which was the centerpiece to a 2001 antitrust lawsuit between United States and Microsoft, has a spotty history when it comes to security, privacy and compatibility.

There are more than a few reasons there will be no love lost with the expiration of IE. Since 2000, there have been over 1,000 serious vulnerabilities tied to it. The majority (28 percent) are tied to code-execution bugs, 25 percent related to IE memory-corruption flaws and 20 percent buffer-overflow vulnerabilities, according to CVE Details.

For an exhaustive look at the history of major IE bugs, Paul Szabo has an impressive collection.

The browser, often standardized within corporations, was the bane of many security teams because of Microsoft’s chronic foot dragging when it came to patching. In 2014, the U.S. Department of Homeland Security advised companies and Windows XP users to ditch IE until Microsoft fixed a use-after-free bug that allowed unauthorized remote code execution.

Privacy concerns have also been paramount for users of IE, with many feeling that Microsoft’s access to browsing data coupled with services and application data was unsettling. Those Microsoft anxieties have been muted over time as massive data collected by Google, Facebook and Amazon have normalized the behavior.

Things have come full circle, with some arguing switching to Microsoft’s Edge Chromium browser is a way to avoid Google’s data collection, while still being able to reap the benefits the same browser engine.

“Microsoft Edge gives more privacy than Chrome, Google Chrome uses its user’s data to give a personalized advertisement for its revenue which would also make,” wrote a Microsoft contributor to its Tech Community.

That’s not to say Microsoft Edge doesn’t have security concerns.

On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a Microsoft Edge memory-corruption flaw (CVE-2020-15999) rated high-risk. However, unlike with IE, this bug was tied to Google Chromium code and was patched last week. At the time, Google warned that adversaries were exploiting the bug in the wild.

Final Farewell
“Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed,” wrote Microsoft. Mainstream support for Windows 10 ends Oct. 13, 2020. Extended support, according to Microsoft, ends on Oct. 14, 2025.

Cisco Ordered to Pay $1.9 Billion in Cybersecurity Patent Infringement Case
6.10.20  IT  Securityweek

A US district judge has ordered Cisco to pay $1.9 billion to Centripetal Networks, Inc., for infringing on four patents related to cybersecurity.

Founded in 2009, Centripetal focuses on cyber threat intelligence, providing solutions that help organizations defeat cyber-attacks. The company has developed technology for operationalizing and automating threat intelligence and has been awarded various patents in the United States and abroad.

In a lawsuit filed in the Eastern District of Virginia in March 2018, the company claimed that numerous Cisco product series have been infringing on five of its patents for years.

“Cisco has willfully infringed each of the Asserted Patents. Centripetal is informed and believes that Cisco had knowledge of the Asserted Patents through various channels and despite its knowledge of Centripetal’s patent rights, engaged in egregious behavior warranting enhanced damages,” the company said in the initial filing.

The company also claimed that, although it knew of the Centripetal patented technology, Cisco continued to sell products infringing on those patents and made no effort to avoid infringement.

On Monday, District Judge Henry C. Morgan, Jr., ordered Cisco to pay a total of $1,903,239,287.50 to Centripetal, ruling that four of the five asserted patents were infringed.

Damages suffered by Centripetal amounted to $755,808,545, but Cisco’s infringement was “willful and egregious,” and the judge decided to multiply the figure by 2.5, to $1,889,521,362.50. To this, an interest of $13,717,925 is applied.

Furthermore, the court imposed a three-year running royalty of 10% of sales of the accused products and their successors, followed by a running royalty of 5% on those sales, for another three years. At the termination of the second three-year term, Centripetal won’t receive any further relief, the judge ruled.

Cisco expressed disappointment and said it would appeal the decision to the U.S. Federal Circuit Court of Appeals.

"We are disappointed with the trial court's decision given the substantial evidence of non-infringement, invalidity and that Cisco's innovations predate the patents by many years," Cisco said.

Cisco to Buy Network Intelligence Firm ThousandEyes
29.5.2020  Securityweek  IT
Cisco on Thursday said that it plans to acquire privately held network intelligence firm ThousandEyes, as the networking giant looks to boost network visibility and intelligence across its enterprise networking, cloud and application services portfolios.

Terms of the deal were not disclosed, but Bloomberg reports the price tag to be nearly $1 billion, citing a person familiar with the matter.

Cisco Logo

Headquartered in San Francisco and founded in 2010, ThousandEyes provides an internet intelligence platform that delivers deep visibility and insights into application and services delivery over the Internet.

The company was started by Mohit Lad (CEO) and Ricardo Oliveira (CTO) with an initial grant of $150k from the National Science Foundation (NSF).

“ThousandEyes’ technology warns us when a user’s experience is less than ideal and can pinpoint where those failures were caused,” Todd Nightingale, senior vice president and general manager, Cisco Enterprise Networking and Cloud, explained in a blog post. “With thousands of agents deployed throughout the Internet, ThousandEyes’ platform has an unprecedented understanding of the Internet and grows more intelligent with every deployment.”

ThousandEyes will join Cisco's newly-formed Networking Services business unit headed by Nightingale, and Lad will take on the role of GM of ThousandEyes, while Oliveira will focus on ThousandEyes product vision and strategy.

ThousandEyes will continue to be agnostic to underlying implementations so customers can benefit from it no matter what vendors they use, according to Lad.

The acquisition is expected to close before the end of Cisco's Q1 FY'21.

Crowdsourced Security Testing Firm Synack Raises $52 Million
29.5.2020  Securityweek  IT
Crowdsourced security testing provider Synack on Thursday announced that it closed a $52 million Series D funding round, bringing the total raised by the company to $112.1 million.

Founded in 2013, Synack gathers cybersecurity talent to help organizations identify vulnerabilities in their assets. The Synack Red Team (SRT) is powered by over 1,500 ethical hackers from 82 countries.

Synack’s platform is leveraged by worldwide banks, retailers and healthcare companies, as well as major federal government agencies, including the Department of Defense, and aerospace and defense organizations for security bug hunting.

The company says it will use the new funding to invest more in the SRT community, as well as to advance its SmartScan technology that can continuously monitor for vulnerabilities.

Furthermore, the company plans to use the financial boost to expand internationally (it already provides bug hunting services to organizations in the U.S., Europe, and parts of the Middle East and Asia) and beyond Global 2000 firms, to cater to medium-size and small enterprises.

The company also plans on continuing investing in its core products (which combine hacker talent with AI and machine learning for vulnerability discovery), and invest in new products and offerings to expand its crowdsourced cybersecurity model to accommodate the increased reliance on remote workforces.

“The only way to guarantee trust and control in cybersecurity used to be through on-site work. That’s simply no longer the case. Synack can maintain trust and visibility all while giving customers access to an army of the most talented ethical hackers to defend against today’s relentless cyberattacks,” Synack CEO Jay Kaplan said.

The new funding round was co-led by B Capital Group and C5 Capital, but also saw participation from previous investors GGV Capital, GV (formerly Google Ventures), Hewlett Packard Enterprise, Icon Ventures, Intel Capital, Kleiner Perkins, Microsoft’s venture fund M12 and Singtel Innov8.

How to download Google Chrome's offline installer
25.5.2020  Bleepingcomputer  IT

Google Chrome is the most popular browser in the world, but its standard installer won't work if you are not connected to the Internet or can't reach their servers. This is where a Google Chrome offline installer comes into play as it contains all the files it needs to install the browser.

Google Chrome's normally offers a small 2MB installation program that connects to the Internet to download any files it needs to install the browser.

This installer, though, will fail if you are prepping a new computer and do not have Internet connectivity yet or are having trouble connecting to Google's servers.

In these situations, you can download a Google Chrome offline installer that contains all the files it needs to get the browser installed.

This installer will try to connect to the Internet when installing to download any updates, but if it fails to connect, the browser will still install.

These types of installers have their advantages as they can be downloaded from a machine with Internet connectivity and then used to install the browser on other devices you are setting up for the first time.

Another advantage is if you live under strict bandwidth limitations, you can use Chrome 83 offline installer and install it on multiple PCs without re-downloading the update.

Download Google Chrome offline installer
To download the Google Chrome offline installer, or Chrome Standalone installer as they call it, follow these steps:

Use this special URL when visiting Google Chrome's download site.
Click on 'Download Chrome.'
The Google Chrome offline installer will now be downloaded and will have a name similar to ChromeStandaloneSetup64.exe.

Chrome Offline Installer
Double-click on the ChromeStandaloneSetup64.exe executable to install the browser.
Once Chrome is installed and connected to the Internet, you should then click on the Chrome menu and select Help -> About Google Chrome to download any available updates and install them.

Microsoft Surface Book 3 is now available for purchase
23.5.2020  Bleepingcomputer  IT

Earlier this month, Microsoft announced the Surface Book 3, which is the company's most powerful laptop with dedicated Nvidia GPU support. Just like the previous generation, Surface Book 3 is available in the same 13- and 15-inch version.

Microsoft's Surface Book 3 starts at $1099 and the 2-in-1 detachable device is available for purchase starting today.

Microsoft says that Surface Book 3 provides up to 50% more performance than Surface Book 2 and up to 17.5 hours of battery life. Both 13-inch or 15-inch comes with a high-DPI PixelSense Display and it also comes with a comfortable keyboard.

There's also no cosmetic change between Surface Book 3 and Surface Book 2, so if you liked the previous generation, you're probably going to like the Surface Book 3 as well.

Inside the Surface Book 3, you'll find 10th Generation Intel Core Ice Lake processor and choice of discrete NVIDIA GeForce GTX or Quadro RTX GPUs.

Here are the full specs of the Surface Book 3:

13.5” or 15” touchscreen
8GB, 16GB, or 32GB 3733Mhz LPDDR4x
Quad-core 10th Gen Intel Core i5-1035G7 Processor and Core i5-1065G7
NVIDIA GeForce GTX 1650 with Max-Q Design w/4GB GDDR5 graphics memory
NVIDIA GeForce GTX 1660 Ti with Max-Q Design w/6GB GDDR6 graphics memory
Solid-state drive (SSD) options: 256GB, 512GB, 1TB, or 2TB PCIe SSD
If you're interested, you can buy Surface Book 3 from the Microsoft Store and Amazon.

How to use Google Chrome Tab Groups to stay organized
23.5.2020  Bleepingcomputer  IT

Google recently implemented Tab Groups in the Chrome browser, which is an incredibly useful feature to keep your browser tabs more organized. Tab Grouping has been in development for quite a while and Google says the feature is now ready for the users.

Tab Groups allows you to organize tabs by topic. You can use it to lump similar websites under one umbrella, which is called a group. These groups are organized by their name, color, and tab strip.

Tab Groups can be accessed from the tab context menu. If you don't see Tab Groups in the context menu, you can turn it on manually by following these steps:

Open Chrome://flags menu,
Search for 'Tab Groups' and enable it.
Relaunch Google Chrome.
To create a new tab group, follow these steps:

Right-click on a tab.

Select "Add to new group".
Once a new group is created, you can drag open tabs across the group strip and tabs will automatically become a part of the group.

Tapping on the group icon allows you to set a custom name and you can choose from eight colors, which is applied across the tab strip.

For example, you can create a group called 'work' and another group called 'social'. If you want to show a tab in 'work' group, right-click on the tab and click “Add to existing group” and then select 'work'.

Likewise, you can follow the above steps to add sites such as Reddit, Twitter, Facebook to the 'social' group.

Below you can see a demonstration of how Tab Groups work.

Both groups are visually organized by color. To disband a group, you can click on the circle icon and select “Ungroup” tabs or close everything inside the group.

According to Google, Tab Groups will help you in the following ways:

For instance, it helps if you’re working on several projects, or looking through multiple shopping and review sites.
Others have been grouping their tabs by how urgent they are — “ASAP,” “this week,” and “later.” Similarly, tab groups can help keep track of your progress on certain tasks: “haven’t started,” “in progress,” “need to follow up,” and “completed.”
If you do not see the Tab Groups feature yet, please be patient as it rolls out. If you do not want to wait, you can use the steps listed in the article to enable it now.

Cyber Insurance Provider Coalition Raises $90 Million
21.5.2020  Securityweek  IT
Cyber insurance and security provider Coalition this week announced that it has raised $90 million in equity capital.

Founded in 2017, the San Francisco-based startup provides up to $15 million of cyber and technology insurance coverage to companies in all 50 U.S. states and the District of Columbia, and CAD $20M of coverage across all 10 provinces in Canada.

The company is backed by global insurers Swiss Re Corporate Solutions, Lloyd’s of London, and Argo Group. It has offices in New York, Los Angeles, Chicago, Dallas, Washington DC, Miami, Atlanta, Denver, Austin, Vancouver, and Toronto.

Over the past year, Coalition saw its customer base grow 600%, to pass the 25,000 mark. The new funds, the company says, will help it support rapid growth and global expansion.

The company provides a combination of insurance and proactive cybersecurity. The offer includes a cyber risk management platform for automated security alerts, threat intelligence, guidance, and cybersecurity tools.

With the new funding, Coalition aims to provide small and mid-sized businesses with enhanced cybersecurity capabilities; to expand worldwide, starting with Canada; and deliver new insurance products to address a wider range of threats.

“Traditional cybersecurity technology such as firewalls and antivirus were designed to protect networks, not businesses. Coalition protects an entire business by offering cybersecurity-as-a-service without any additional hardware or software, security and incident response services, and comprehensive insurance cover of up to $15 million,” Joshua Motta, founder and CEO of Coalition, commented.

The new funding round was led by Valor Equity Partners, but also saw participation from Felicis Ventures, Greyhound Capital, and Coalition’s existing investors, including Vy Capital, Ribbit Capital, Hillhouse Capital, and Greenoaks Capital, among others.

To date, the company raised a total of $140 million, including $125 million in equity funding.

Earlier this year, Coalition announced the acquisition of internet scanning and threat intelligence services provider BinaryEdge for an undisclosed amount.

New Microsoft Teams enhancements announced at Build 2020

21.5.2020  Bleepingcomputer  IT

Microsoft announced today the rollout of a series of new features and enhancements to the Microsoft Teams cloud collaboration platform including improvements to meetings and events, productivity, automation, and scheduling.

Microsoft Teams is designed to combine meetings, calls, chat, and collaboration within a single communication tool that preserves context and keeps everyone in the workspace up to speed.

Teams has seen a huge increase in user numbers since the COVID-19 pandemic has started, reaching 75 million daily active users (DAUs) on March 30, which represents a 70% increase since March 19 when Microsoft reported 44 million DAUs.

Incoming Microsoft Teams enhancements
The announcement made during Microsoft's annual Build annual conference event highlights the introduction of new custom templates for creating teams, support for Power Virtual Agents chatbots, Power BI sharing, automated workflows, virtual appointment scheduling, event broadcasting, and secure remote scheduling.

"When creating a new team, you’ll soon be able to pick from a variety of customizable templates," Microsoft revealed. "Choose from common business scenarios, like event management and crisis response, as well as industry-specific templates, like a hospital ward or bank branch."

All new team creation templates feature pre-defined guidance, channels, and apps, while admins will be able to create new ones based on their organization's existing teams to standardize teams' structures once Templates in Teams will roll out in the next few months.

Microsoft is also extending the Shifts capabilities in Microsoft Teams — introduced during January 2019 — for custom workforce management systems and "auto-approvals for shift requests in scenarios where a manager’s approval is not needed."

Teams Shifts (Microsoft)
Organizations will also be able to "schedule, manage, and conduct business-to-consumer virtual appointments through the new Bookings app integration in Microsoft Teams."

Those working remotely are also getting enhancements as they will be able to take advantage of Skype TX interoperability and the new Network Device Interface (NDI) support for customized, high-scale broadcasts.

Teams will soon allow users to create and manage chatbots with the help of the Power Virtual Agents app and Power BI users to share reports and charts using a new "Share to Teams" button.

New Microsoft Teams features in development
According to the Microsoft 365 roadmap, Redmond's developers are working on rolling out multi-window meetings and calling next month for Windows and macOS clients, allowing users to "pop out meetings and calling into separate windows to help them optimize their workflow."

Microsoft Teams is also getting support for allowing meetings attendees to upload their own images to customize their backgrounds.

"We are building upon the heavily popular background effects feature in Teams meetings with custom upload capabilities," Microsoft says.

You can find tips on how to set custom video backgrounds in Microsoft Teams in the video embedded below.

Group chats will also be enhanced to accommodate up to 250 users at a time for occasions when creating a new team is not really needed and you only want to "organize an ad-hoc discussion with staff at an event," or with colleagues you're not working with on a regular basis.

Starting with Q4 2020, Microsoft also plans to roll out suggested replies to Microsoft Teams to allow users to "quickly reply to a given message by tapping on a suggested reply."

Website Security Provider Source Defense Raises $10.5 Million
21.5.2020  Securityweek  IT
Client-side web security provider Source Defense this week announced raising $10.5 million in a Series A+ funding round.

Founded in 2014, the company provides a website security solution aimed at delivering real-time protection against attacks originating at website supply-chain vendors.

The company says it can keep sites safe from third-party scripts such as Magecart and Formjacking attacks, thus helping businesses and government organizations alike avoid interruptions.

The company’s VICE Client-side Web Security Platform leverages machine learning and industry best practices to deliver a fully automated solution to control access and permissions of various dynamic components on a website.

Source Defense says it will use the new funding to accelerate growth and improve its platform to better meet growing demand on the market.

Over the past 12 months, its sales more than tripled, and the company expanded its research and development team, established partnerships, and added more people to its executive team.

“The demand for combining premium online shopping experience with the state-of-the-art security controls has proved an urgent need for our solution,” said Source Defense CEO Dan Dinnar. “Our success with several Fortune 500 companies, including a most recent deployment at a Fortune 50 company is proof of the value we can provide industry leaders, in view of rampant activity by attackers.”

The new funding round added Capital One Ventures as an investor, but also saw participation from existing investors JVP, Allegis Cyber, Global Brain, and NightDragon.

Container Security Company Aqua Raises $30 Million in Series D Round
20.5.2020  Securityweek  IT
Israel-based container security company Aqua Security has raised another $30 million in a Series D funding round, which brings the total raised to date to more than $130 million.

The latest funding round was led by Greenspring Associates, with participation from previous investors Insight Partners, Lightspeed Venture Partners, and TLV Partners.

“This funding will support the continued operation of the company as well as ongoing investment in new territory development in the Asia-Pacific, Latin America and South America regions,” Dror Davidoff, co-founder and CEO of Aqua Security, told SecurityWeek.Aqua Security raises another $30 million

Aqua Security provides solutions designed to help organizations secure their cloud, container-based and serverless applications and infrastructure. The company’s products provide visibility and security automation capabilities across an application’s lifecycle.

Its first SaaS offering, a cloud security posture management solution, was launched following the company’s acquisition of CloudSploit in November 2019. Its second SaaS product is named Aqua Dynamic Threat Analysis and it enables organizations to detect and mitigate threats in container images using a secure container sandbox.

Aqua says it has more than doubled revenue and employee headcount over the past year, and the company claims it now has over 400 customers across a wide range of sectors.

“Aqua has made impressive strides building its customer base and establishing itself as a market leader in securing cloud native applications,” said Hunter Somerville, general partner at Greenspring Associates. “Even under today’s challenging business conditions, the company has demonstrated strong revenue growth, and an ability to introduce new, exciting products that differentiate their offering. With enterprises continuing to migrate aggressively to the cloud, we see Aqua as well-positioned to benefit from and enable that adoption.”

Aqua previously raised $25 million in a Series B funding round in 2017 and $62 million in a Series C round in 2019.

Zoom global outage preventing meetings, video, and audio
19.5.2020  Bleepingcomputer  IT

Update: Zoom states that the issue has been fixed and that users should log out of their session and try again.

If that does not work, log out of Zoom, log back in, and then try to access their meeting again.

Zoom has a global outage that is preventing users from joining meetings or see video and hear audio once they have joined. There is currently no indication as to when the issue will be resolved.

If you were hoping to join your Sunday school class, attend virtual Church, or access your virtual exercise class, you might have to do something else today as people are having issues connecting to all of these types of meetings.

According to the outage monitoring site DownDetector, Zoom began experiencing difficulties at approximately 7 AM EST, causing problems when attempting to join or conduct virtual meetings.

Zoom outage reports on DownDetector
According to the Zoom status page, they began investigating the outage at 9:42 AM EST and have stated that this is only affecting a small subset of users.

Zoom Status Updates
Zoom's latest update was 10:41 AM EST when they stated that they are "continuing to investigate this issue."

Unfortunately, until this is resolved, Zoom meetings will not work.

Update 5/17/20 11:45 EST: Zoom states that the issue has been resolved.