MongoDB, a database software company based in New York, has filed to go public with the Securities and Exchange Commission as it continues to burn a ton of cash despite its revenue almost doubling year-over-year. The company, which provides open-source database software that became very attractive among early-stage startups, is one of a myriad of companies that have sought to go public by…
A highly popular Latin social media company called “Taringa” recently suffered a massive data breach that impacted some 28 million users, which is essentially its entire user base. The breach revealed two fundamental issues, one the responsibility of the company, and the other the fault of their users.
First, on the company side, they didn’t take any special steps to secure the administration file, which gave the hackers the keys to their virtual kingdom and made it possible for them to swoop in and steal literally everything. Worse, their passwords were hashed with weak 128-bit MD5 rather than the more robust and secure SHA-256. Taken together, these things made such a massive breach possible in the first place.
A forensic analysis of the stolen user account information, however, reveals another, equally troubling problem. The most popular password among site users was 123456789, and the second most popular was 123456. Obviously, security was not something that Taringa’s users took very seriously either.
In any case, if you use the site, then you should change your password immediately, because your account is all but certain to have been compromised. It is also particularly important to change the passwords on any other account that shares the password you used on Taringa. Once hackers have one of your passwords, they’re almost certain to try it on your other accounts, because an alarmingly high percentage of people use the same one or two passwords for everything. This means that a breach of Taringa could expose your bank and credit card accounts to risk as well, if you’re using the same passwords on those systems.
While we’re on this subject, if you’re not using a different password for each account you have, you are putting yourself at unnecessary risk. The same can be said if you’re not using a password manager or enabling two-factor authentication whenever it is offered. Do those things, and you’ll be much safer online.
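As an added illustration (not code from the article or from Taringa), the following shows both weaknesses in one place: an audit of a constructed credential store that uses unsalted MD5, checked against the two common passwords the article names, beside the salted, iterated PBKDF2 storage that defeats that kind of lookup. The usernames and the store contents are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# The two most common passwords the article reports from the Taringa breach.
WEAK_PASSWORDS = ["123456789", "123456"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 as Taringa stored it: same password, same digest, for every user."""
    return hashlib.md5(password.encode()).hexdigest()


# Constructed credential store: username -> unsalted MD5 hex digest.
LEAKED_STORE = {
    "alice": md5_hex("123456789"),
    "bob": md5_hex("123456"),
    "carol": md5_hex("correct horse battery staple"),
}


def audit_unsalted_md5(store: dict, weak_list: list) -> list:
    """Return usernames whose stored digest equals the MD5 of a known-weak password.

    With an unsalted fast hash, one precomputed digest per weak password
    exposes every account that chose it; no per-account work is needed.
    """
    lookup = {md5_hex(p): p for p in weak_list}
    return sorted(user for user, digest in store.items() if digest in lookup)


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 210_000):
    """Hardened storage: a random 16-byte per-user salt plus PBKDF2-HMAC-SHA256.

    Two users with the same password get different digests, and each guess
    costs the attacker `iterations` HMAC computations instead of one MD5.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)
```

Running `audit_unsalted_md5(LEAKED_STORE, WEAK_PASSWORDS)` flags `alice` and `bob` from just two precomputed digests, which is exactly why salting and a slow KDF matter even before users pick better passwords.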
Like a train gaining speed as it leaves the station, the Cloud Native Computing Foundation is quickly gathering momentum, attracting some of the biggest names in tech. In the last month and a half alone AWS, Oracle, Microsoft, VMware and Pivotal have all joined. It’s not every day you see this group of companies agree on anything, but as Kubernetes has developed into an essential…
Pluralsight is announcing a new tool this morning to help satiate our innate desire to compare ourselves against one another. Pluralsight IQ is designed to assist developers in assessing their competencies and determining their proficiencies relative to their peers. Engineers taking the test are assigned scores between zero and 300 along with an indicator of attainment — novice,…
Identify the traits of your top performing employees and hire people like them, but without the discriminatory bias of traditional recruiting. That’s the promise of Pymetrics, an artificial intelligence startup that today announced $8 million in new funding onstage at TechCrunch Disrupt SF.
The fintech revolution continues apace, and while many startups are hoping that newer and better tech will help them take business away from traditional banks, today a company has received a large round of funding to help those incumbent institutions better compete.
10x Future Technologies is a startup that has built a ground-up platform that incorporates machine learning, cloud services…
Alchemist Accelerator, known for its specialty in working with enterprise startups, held its 16th demo day at Microsoft’s offices in Mountain View, California. 18 startups pitched ideas ranging from more traditional marketplaces to frontier aerospace technology. Addressing the packed auditorium before the pitches began, Ravi Belani, managing partner at Alchemist, reasserted his core…
We’re happy to announce our new version, introducing the simplified policy, improved prevention, detection, and response, and many more features, fixes, and enhancements. Our customers have been telling us which improvements they want to see in our product, and we are responding. Let’s go over the most significant changes.
SentinelOne’s policy was never complex, yet we simplified it further by removing any setting that was not 100% clear to our clients.
The new policy of 2.0 is a simple selection between “Protect” and “Detect”.
Choosing “Protect” means complete automation and autonomy – we take responsibility for preventing and mitigating all threats. Choosing “Detect” means that you are running in EDR mode.
Another option you will find useful is the distinction between Threats (high-confidence detections) and Suspicious activity, so that you can assign each a different policy mode. Try it out.
Under the hood of our SentinelOne agent, multiple engines are running and ensuring full visibility and detection of any malicious activity. We recommend running all of our Static and Behavioral AI engines, but allow administrators to control them, based on policy.
Prevention, Detection, and Response at Scale
Many have tested our capabilities, and the results are available:
- Our Static AI (DFI) prevents malicious files and variants from ever being executed on your devices.
- Our Behavioral AI specializes in catching zero-day and unknown attacks based on their behavior, including file-less and other new means to evade traditional AV solutions.
And we are always working on improvements. In the wild, we see more and more campaigns that don’t need to use files (WannaCry, EternalBlue, etc.). The reason is obvious: why expend effort on a file that will become a blocked signature in a few days? For instance, it is common for attackers to find a weak host on a network and use it to compromise other devices on the same network. We invested further in our behavioral AI engines to improve detection of such flows. When we detect a risk, we already have the full context: users, processes, command line arguments, registry, files on disk, external communication, and more.
Forensics Analysis Improvements
Once detected, it is helpful to identify the full context of the attempt: where it came from and what it tried to do, even if it was automatically mitigated by “Protect” mode. To make this easy, we improved what you see and what you can do. Starting in 2.0:
- You can see:
  - Which of our engines detected it.
  - A link to the VirusTotal entry (for known threats) and to a Google search.
  - More forensics information, including the username and the full command line arguments used by all processes during the incident.
- You can do:
  - More exclusion options: by hash, path, certificate, file type, or browser type.
  - Quickly and easily exclude for each specific incident directly from the forensics analysis view.
Full Disk Scan
Many of our customers asked for the option to scan a device and Full Disk Scan is now available for our Windows and macOS agents. Whether you are worried about dormant malware or concerned with issues of audit and compliance, you can choose a group from the console and initiate a scan, or just install using a flag that triggers the full disk scan. This is a great way to get value on day one.
More improvements starting in 2.0
- Performance improvements (cross-platform)
- Click-through EULA
- SSO support for the management console login.
- VSS disk space does not exceed 10% (unless configured by the administrator to a different limit).
- Support tools and remote troubleshooting options for your agents.
- Additional proxy options, including failover to direct connection (for roaming devices) and authenticated proxy
- The Auto-immune flow is improved and now works on verified threats only.
- Document names are not sent to the console, unless malicious.
- Support for Windows agent on a single core.
Our team is already working on the next release, planned for later this year. It will have improved deployment flows, more reporting options, Agent configuration and more policy options, initial scan support (no reboot needed), and static detection indicators, for a better understanding of detection reasons.
You’ve probably heard of the popular app, “CCleaner.” Owned by Avast, this handy utility boasts more than two billion downloads and currently has more than two million active users. As the name suggests, the program cleans the “crud” off your hard drive so that your computer will run faster and more efficiently, and it’s very good at its job.
Unfortunately, as this recent incident reminds everyone, no company is immune to hacking, not even companies that make antivirus software.
In this case, malicious code was inserted into the app that would have allowed it to spread malware to anyone who used the tool, and it was designed to send a variety of user data back to the hackers who inserted the code, including:
• The MAC addresses of the first three network adapters
• A comprehensive list of all processes your machine is running
• A complete list of all the software you’ve got installed, including which Windows updates you’ve installed
• Your computer name
• And more
An investigation into the matter is ongoing, but a spokesman from parent company Avast wanted to make two things clear to the program’s user base:
Firstly, although the code was clearly inserted with the intention of using CCleaner to distribute malware, there’s no evidence that any has been delivered via this channel. The developers caught wind of the change quickly and moved to shut it down before it could be used.
Secondly, although there’s no way of knowing if any user data was co-opted by the hackers via their code, even if some data was stolen, it was likely encrypted, and would be nigh on impossible for the hackers to make use of.
Even so, it’s an embarrassing turn of events for a company on the front line in the ongoing battle to prevent such things from occurring in the first place.
If you downloaded CCleaner version 5.33 between Aug. 15 and Sept. 12 of this year, delete the file and grab a new copy from the company’s website today. The latest version has had the offending code removed.
Threat Stack, the Boston-based security startup that helps companies stay protected in the cloud, reeled in a $45 million investment today. It seems that they are in the right place at the right time as news of the Equifax breach swirls on mainstream media. The round includes a big institutional backer, as fellow Boston firm Fidelity Investments participated through their investment arm,…