The state of Israel’s cybersecurity market

 The Equifax breach, WannaCry, NotPetya, the NSA leak, and many more cyber incidents – 2017 was certainly a busy year for hackers, illustrating yet again just how vital innovative cybersecurity solutions are in the fight against cyber threats.
Second only to the U.S., in terms of cybersecurity investment 2017 was another excellent year for Israeli cybersecurity startups, with dozens of… Read More

Security researchers flag invite bug in WhatsApp group chats

 Security researchers have revealed details of a vulnerability in WhatsApp’s security that could be used to compromise the secrecy of encrypted group chats on the messaging platform. Read More

Twitter adds support for app-based two-factor authentication

 Twitter is rolling out an update to its platform security that will allow users to employ third-part authentication apps to receive a two-factor login authentication for their Twitter account. Twitter has offered two-factor for a long while now, but it’s used the less secure SMS-based verification method excessively until now. The third-party app support means you can use tools like… Read More

Imgur says 1.7M emails and passwords were breached in 2014 hack

 Image-hosting site turned meme social network, Imgur, is the latest tech service to ‘fess up to a security breach. In a blog post Friday it revealed that hackers had compromised its systems in 2014, with ~1.7M emails and passwords affected.  Read More

Uber data breach includes UK users — but it’s still not clear how many

 The UK’s digital minister has said the October 2016 data breach that Uber disclosed this week does affect UK users — though it’s still unclear how many are impacted at this stage. Read More

More horrors at every turn: Uber’s shocking hacking mess just one more setback to turnaround effort

The appointment of Dara Khosrowshahi as head of Uber Technologies Inc. this summer was supposed to mark the beginning of a new chapter. The company had been racing from one disaster to the next, leading to boycotts, lawsuits, criminal probes, an executive exodus and an investor-led mutiny against the co-founder.

Somehow, the new chief executive officer keeps finding more horrors at every turn. The latest is a cyberattack Uber had been concealing since last year that exposed personal data on 57 million customers and drivers globally. The company, which said it had paid hackers US$100,000 to delete the data and keep quiet, disclosed the incident in a statement to Bloomberg on Tuesday, following an investigation commissioned by the board. The chief security officer and one of his deputies were ousted for their actions following the hack.

Khosrowshahi’s role so far looks less like a turnaround artist and more like chief apology officer on behalf of his predecessor, Travis Kalanick. Since he took over, London moved toward outlawing the service, citing “a lack of corporate responsibility.” Uber is appealing. (“I apologize for the mistakes we’ve made,” Khosrowshahi said in response.) He then travelled to Brasilia to meet with officials there and ward off restrictions on Uber’s business. (“In the past, we were a bit aggressive,” he told a Brazilian newspaper.) And now the mishandled data breach. (“We will learn from our mistakes.”)

The hacking fallout has already begun. Within hours of the disclosure, a customer filed a lawsuit seeking class-action status, and New York Attorney General Eric Schneiderman launched an investigation. More states and the Federal Trade Commission, which had settled with Uber over another privacy matter in August, will probably pile on, said Jeremiah Grossman, chief of security strategy at SentinelOne Inc., which aids companies with cyber-defence. “I’m sure they’ll get another call from the FTC,” he said.

The ghosts of Kalanick’s past will scare up more problems. The hack introduces an unexpected factor in negotiations between SoftBank Group Corp. and Uber shareholders over a planned investment of as much as US$10 billion, a deal Khosrowshahi has been championing. It may weigh on the company’s valuation, now at about US$70 billion, ahead of an initial public offering expected in 2019. And the theft of customer data offers one more reason for people to switch to Lyft Inc., which was quickly gaining market share in the U.S. before expanding to Canada this month, or another local ride-hailing app.

The breach at Uber, while significant, is smaller than recent incidents at Yahoo or Equifax Inc., but the decision to keep it a secret for a year was particularly concerning. Cybersecurity experts said Uber’s payment to the two hackers in exchange for their discretion and assurances that they delete the data was very unusual. “I was shocked,” said Kowsik Guruswamy, chief technology officer at Menlo Security Inc. “Companies need to own up.”

Experts also questioned whether Uber was able to verify the information was truly out of the attackers’ hands. “What guarantee or promise did they have that they deleted this data and didn’t make a backup?” Guruswamy said. “It sounds to me like the US$100,000 went, not to protect the consumers, but to keep it from getting out in the news.”

Khosrowshahi said in an emailed statement that Uber secured its systems and implemented new security measures after the attack. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he said.

Besides the hack, there are numerous past indiscretions from Kalanick’s tenure that will haunt his successor at Uber. The U.S. has opened at least five criminal probes into possible bribery, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property, people familiar with the matters have said. The San Francisco-based company also faces dozens of civil suits, including a high-profile case from Alphabet Inc. set for trial next month.

Before the board selected former Expedia Inc. CEO Khosrowshahi in August, Meg Whitman was a finalist for Uber chief. In a coincidentally timed announcement shortly before Uber’s hacking disclosure Tuesday, Whitman said she was stepping down as head of Hewlett Packard Enterprise Co. Perhaps she should now consider herself lucky to be passed over for the Uber job.

 

Bloomberg.com

Tortuga Logic raises $2 million to build chip-level security systems

 Tortuga Logic has raised $2 million in seed funding from Eclipse Ventures to help in their effort to maintain chip-level system security. Based in Palo Alto, the company plans to use the cash to build products that will find “lurking vulnerabilities” on computer hardware. The founders, Dr. Jason Oberg, Dr. Jonathan Valamehr, Professor Ryan Kastner of UC San Diego, and Professor… Read More

Threat Stack snares $45 million investment as spotlight shines brightly on security

 Threat Stack, the Boston-based security startup that helps companies stay protected in the cloud, reeled in a $45 million investment today. It seems that they are in the right place in the right time as news of the Equifax breach swirls on mainstream media. The round includes a big institutional backer, as fellow Boston firm Fidelity Investments participated through their investment arm,… Read More