[CyberMDX in Security Boulevard] CyberMDX Announces Partnership with Philips to Integrate CyberMDX into Newly Announced Integrated Cybersecurity Services

CyberMDX, a leading healthcare cybersecurity provider delivering visibility and threat prevention for medical devices and clinical networks, today announced a partnership Royal Philips, a global leader in health technology, to integrate CyberMDX’s Healthcare Security Suite into the newly introduced integrated Cybersecurity Services offered by Philips.

Read more here.

The post [CyberMDX in Security Boulevard] CyberMDX Announces Partnership with Philips to Integrate CyberMDX into Newly Announced Integrated Cybersecurity Services appeared first on OurCrowd Blog.

OurCrowd Blog

[Kenna Security in GlobeNewswire] Responsible Exposure? On Average, Attackers Gain 47-Day Advantage when Exploits Predate Patches, According to Kenna Security

New Research Fuels the Debate on Vulnerability Disclosure and Exploit Development

Read more here.

The post [Kenna Security in GlobeNewswire] Responsible Exposure? On Average, Attackers Gain 47-Day Advantage when Exploits Predate Patches, According to Kenna Security appeared first on OurCrowd Blog.

OurCrowd Blog

7 Signs You Need a Security Operations Center

Traditionally, startups and small to mid-sized businesses haven’t formed security operations centers (SOCs). Yet many cyber threats are happening on a daily basis to organizations of all sizes. Consequently, plenty of leaders have begun looking into the possibility of adding an internal SOC or partnering with an SOC-as-a-service provider.

To be sure, this isn’t a fast decision; it requires consideration. SOCs cost money to staff and maintain. Even outsourcing an SOC will require an annual budgetary commitment. And the SOC team, whether in-house or outsourced, will need to work seamlessly with current staffers. 

Despite these monetary concerns, many companies feel that the risks imposed by vulnerability far outweigh any temporary SOC creation hurdles. After all, the average data breach costs organizations more than $ 3.8 million. In other words, an SOC can quickly pay for itself.

Are you interested in closing cyber security gaps with an SOC but unsure if the timing is right to proceed? If you’re experiencing any of the following indicators, you’ll want to move forward with SOC plans sooner rather than later.

1. Your team is constantly targeted by cyber attackers.

Phishing attempts. Malware. Ransomware. Hackers aren’t holding back on their creativity in trying to get into your systems any way they can. In fact, you may only know about a few bigger attacks. Smaller ones may have breached your firewalls or infected your systems without detection, causing operational issues if not a full-blown security risk.

Statistics show that more than 7,000 breaches happened in 2019 alone; they’re the ones we know about, not the 53% of ones we don’t. Sure, you can install software and hope it slows down intruders. However, without a dedicated SOC made up of professional analysts and tech-savvy engineers, you’ll remain vulnerable. On the other hand, SOC personnel will be able to keep your company a step ahead with proactive, not just reactive, responses.

2. Your company’s taking too long to respond to threats.

Do you continuously find out about cyber attacks too long after they happen to do anything? This is more than frustrating; it puts your operations at risk again and again. It can also lead to a major data breach of your proprietary data or private customer information. 

SOCs know that hackers and attackers count on businesses being slow on the draw, with the average breach taking nearly 300 days to address. Delays give criminals time to get in, get desired data, and leave without being shut down. When you have an SOC in place, your SOC experts can mobilize efforts from a centralized point. Expect your SOC team to lean on historical cyber attack clues and digital “fingerprints” to quickly tamp down on events in real time. 

3. You have moved into the e-commerce sector.

Amid concerns over doing business the traditional way during the pandemic, many businesses have begun to dabble in e-commerce. While e-commerce platforms can make selling products and even services more convenient, they can also open doors for data breaches and related issues. 

An SOC will be able to consider all the ways attackers might try to invade or exploit your e-commerce platform to steal data. Knowing that your site is monitored 24/7 will help lessen worries that you’ll wake up in the morning to bad news. Remember: Consumers love e-commerce, but they don’t love it when their identities have been stolen.

4. Your people are telecommuting all or most of the time.

Many people now work from home and the trend is expected to continue into 2021. From a logistical standpoint, remote work can be a cost-effective way to keep operations humming along. Nevertheless, remote working cloud-based systems and platforms may suffer from vulnerabilities.

What’s the answer to this problem? Your SOC and IT teams can work in tandem. Together, they’ll reduce the chances of cyber attacks on your telecommuting employees, amassing logs of incidents and responses. Over time, your company should be able to sidestep foreseeable issues thanks to proactivity from the SOC.

5. You’ve managed cybersecurity in a piecemeal way.

When your organization was in its infancy, you may have assigned cybersecurity duties to one or two people. Over time, those people may have kept those initial responsibilities and added to them. Yet that doesn’t mean you have an actual SOC. Instead, you have parts of an SOC, but not the complete SOC advantage.

A true SOC includes people whose only job is to focus on cybersecurity. They’re not engaged in cybersecurity some of the time—their commitment is devoted to protecting your network and systems from attacks. Now, this isn’t to say that some employees currently involved in cybersecurity won’t be interested in moving to an SOC role. They might. But you need to establish the SOC team first.

6.  You’re handling customer needs 24/7.

Consumers appreciate being able to engage with preferred brands 24/7. Though that’s terrific for business, it opens the door for cyber threats to happen during “off” hours. 

SOCs can work round-the-clock. For instance, you may have a large enough company to require SOC employees to stagger themselves with shift work. Or, you may use an SOC-as-a-service provider to enable 24/7 monitoring. Either way, you’ll reduce the chances of being surprised by a breach attempt that happens overnight.

7. You would like to attract more high-quality talent.

The most talented job seekers are looking for companies that have stellar reputations and leverage modern processes and equipment. What better way to show top-notch candidates that you take risk management seriously than to tout your SOC?

Talk about your commitment to forming an SOC during interviews, and explain how it benefits everyone in the workforce. You’ll come across as leading edge and high-tech. Who knows? This could be the key differentiator that makes a strong applicant say “yes” to your offer over one from your competitor.

 At the end of the day, don’t think about SOC as a burden on your budget. Rather, look at SOCs as a viable way to save money by protecting your brand, employees, and customers from cyber threats and their fallout.

The post 7 Signs You Need a Security Operations Center appeared first on KillerStartups.

KillerStartups

Gone in 90 seconds: Belgian security researchers demonstrate how to break into Tesla Model X in minutes

Tesla model X

Vehicles are rapidly being upgraded with new and advanced tech as we are now entering an era of driverless vehicles and flying cars. New cars are also getting upgraded features and Tesla is a company that’s well known for offering advanced tech capabilities in its fully electric cars. However, the Tesla Model X, which starts at €88,990, was hacked into by researchers over at the COSIC, an imec research group at the University of Leuven in Belgium. 

The security researchers used two weaknesses in Tesla Model X’s modern system to gain full access to the car and drive away. They used a self-made kit that costs around €168. Do note that the researchers notified Tesla of the weakness and the company is pushing a patch as part of the 2020.48 over-the-air (OTA) software update that fixes the exploits. 

Hacking into a tesla in less than 2 minutes

The researchers over at COSIC previously hacked into the Tesla Model S keyless entry system. This time, they discovered some new flaws in the keyless entry system of the Tesla Model X. The car allows its users to automatically unlock when they are approaching the vehicle, or by pressing a button on the wireless key fob that uses Bluetooth Low Energy (BLE) protocol. Additionally, a smartphone app by the company can also be used to unlock the car, and it also uses BLE to communicate with the car.

The BLE protocol gave researchers a way to break into Tesla Model X’s security. Using a modified Electronic Control Unit (ECU) from a salvaged Model X, they wirelessly forced key fobs to be discovered as BLE devices from a distance of up to 5 meters. Reverse

engineering the Tesla Model X key fob, they also found that the BLE interface allows installing remote software updates and this mechanism is said to have been lacking in security. 

The researchers were able to wirelessly compromise a key fob and take full control over it. And they could also obtain valid unlock messages to unlock the car later on. “With the ability to unlock the car we could then connect to the diagnostic interface normally used by service technicians. Because of a vulnerability in the implementation of the pairing protocol, we can pair a modified key fob to the car, providing us with permanent access and the ability to drive off with the car”, says Lennert Wouters, PhD student at the COSIC research group. 

“To summarise, we can steal a Tesla Model X vehicle by first approaching a victim key fob within about 5 meters to wake up the key fob. Afterwards we can send our own software to the key fob in order to gain full control over it. This process takes 1.5 minutes but can be easily performed over a range of more than 30 meters. After compromising the key fob, we can obtain valid commands that will allow unlocking the target vehicle,” says Dr Benedikt Gierlichs, a researcher at COSIC.

“After approaching the vehicle and unlocking it we can access the diagnostic connector inside the vehicle. By connecting to the diagnostic connector, we can pair a modified key fob to the car. The newly paired key fob allows us to then start the car and drive off. By exploiting these two weaknesses in the Tesla Model X keyless entry system we are thus able to steal the car in a few minutes”, says Dr Benedikt Gierlichs, a researcher at COSIC,” he adds. 

Self-made hacking kit cost around €168

The researchers over at COSIC made their own kit to hack into the Tesla Model X. It consisted of a portable Raspberry Pi computer that was equipped with a CAN shield. They also obtained a modified key fob and ECU from a salvage vehicle from eBay and a LiPo battery powered the circuit. Overall, the kit cost them around €168. 

The Belgian researchers informed Tesla about the identified vulnerabilities on the 17th of August 2020. Tesla confirmed the issues and awarded the team’s findings under its bug bounty programme and started working on security updates. As part of the 2020.48 OTA software update, which is now rolling out, a firmware update will be pushed to the key fob to patch the flaw.

Image credits: Tesla

Startups – Silicon Canals

[Kenna Security in Loss Prevention Media] Tips to Help Retailers Ensure That Black Friday Is Secure and Incident Free

In the build up to Black Friday, it’s tempting to make technology upgrades to help performance on the day, but Stephen Roostan, VP EMEA at Kenna Security, warns that this could backfire and weaken an organization’s security. “For the IT and security teams, this make or break period is definitely not the time to be making significant upgrades or proactively deploying major patching initiatives. All the must-do IT projects will either have been completed, or put on the back-burner for now.

Read more here.

The post [Kenna Security in Loss Prevention Media] Tips to Help Retailers Ensure That Black Friday Is Secure and Incident Free appeared first on OurCrowd Blog.

OurCrowd Blog

Fireblocks Raises $30M to Ensure the Security of Digital Assets, Paving the Way for Widespread Adoption

The security of digital assets is absolutely critical in ensuring widespread adoption and this has led to the emergence of countless digital-asset-as-security-service offerings. Fireblocks has emerged as a leader in digital asset security, with a growing number of companies rely-ing on Fireblock’s platform to securely store, transfer, and issue digital assets. The compa-ny has facilitated the transfer of over $ 150B+ in digital assets for local and international companies since its launch, $ 23B+ worth of digital assets transferred in Q3 alone, and the company has tripled its customer base already in Q4. AlleyWatch caught up with Co-founder and CEO Michael Shaulov to learn more about how Fireblocks provides the criti-cal infrastructure needed for enterprises to scale digital asset exposure, the company’s growth, and recent funding round from investors that include Paradigm, Cyberstarts, Tenaya Capital, Swisscom, Galaxy Digital, Digital Currency Group (DCG), and Ce-dar Hill Capital.
AlleyWatch

[NanoLock in Energy CIO Insights] Nanolock Security partners with Genus Power Infrastructures

NanoLock Security has announced a collaboration with Genus Power, India’s global smart metering infrastructure provider.

Read more here.

The post [NanoLock in Energy CIO Insights] Nanolock Security partners with Genus Power Infrastructures appeared first on OurCrowd Blog.

OurCrowd Blog

Hardware Security Module Market 2020:Global Industry Size, Analysis, Growth Factors, Key Companies, Regional Outlook, Future Insights Till 2026 | Gemalto NV, Hewlett-Packard Enterprise Development LP, Utimaco Gmbh, IBM – Sunrise Nigeria

Hardware Security Module Market 2020:Global Industry Size, Analysis, Growth Factors, Key Companies, Regional Outlook, Future Insights Till 2026 | Gemalto NV, Hewlett-Packard Enterprise Development LP, Utimaco Gmbh, IBM  Sunrise Nigeria
“nigeria startups when:7d” – Google News

Mobile security startup Oversecured launches after self-funding $1 million, thanks to bug bounty payouts

You might not have heard of Sergei Toshin, but you should know his work.

Toshin is a 23-year-old security researcher in Moscow who focuses largely on mobile app security. With his knowledge of what different mobile security flaws looked like, Toshin built a custom Android mobile app vulnerability scanner to quickly and automatically find vulnerabilities in an app’s code, he told TechCrunch.

The scanner works by decompiling the Android app and running through the source code line-by-line — just as a human would — and detecting possible flaws in code where a vulnerability could be triggered. It takes a set of rules, which effectively describes different kinds of vulnerabilities, and searches for vulnerable code that meets those conditions, Toshin said.

Once the scanner finishes, it spits out a report describing where the vulnerabilities are in the code.

It was using this scanner, which he developed over the course of the last two years, that he was able to speed up the process of finding bugs.

“To participate in a bug bounty, I would just download the app and copy the vulnerabilities identified in the vulnerability report,” he said.

In August, he revealed details of an Android vulnerability that allowed malicious apps to steal sensitive user data from other apps on the same device. Two weeks later, he dropped details of a bug in TikTok’s Android app that could have led to hijacking of user accounts.

These are just two out of hundreds of security bugs he has reported to companies through their bug bounty programs, a way for researchers to warn companies of potential issues while getting paid for their findings.

“It occurred to me to launch a startup and begin helping other companies find vulnerabilities in their mobile apps,” Toshin told TechCrunch.

One of the vulnerability scanner’s reports for an Android app. (Image: Oversecured)

And that’s how Oversecured was founded. But how Toshin funded his startup was somewhat unconventional.

What’s unusual about Oversecured is not that it’s self-funded, but it launched out of a product that effectively paid for itself. Toshin netted more than $ 1 million in bug bounties in a year using his scanner, in large part thanks to Google’s security rewards program, which pays security researchers far more for security bugs found in Android apps with over 100 million installs.

Oversecured is not yet profitable, but Toshin has also not taken any venture-backed funding to date. The company now has about five developers, as well as designers and translators as all efforts focus on building and improving the scanner.

The startup so far only supports scanning Android apps. Toshin said the scanner is open to bug hunters and security researchers, who can pay to scan each app — with five scans tossed in for free.

But Toshin is betting big on allowing enterprise customers to buy access to the scanner and integrate it with their development tools. Oversecured launched its B2B offering last week, allowing app makers to integrate the scanner directly into their existing app development processes to find bugs during coding.

Toshin said that enterprise customers will soon get support for scanning Swift source code for iOS apps.

Oversecured joins a number of other established app security companies in the space. But Toshin is confident that his technology stands among the crowd.

“It’s important to find everything,” he said.

Read more:

Startups – TechCrunch

[NanoLock in Israel21c] Genus Power and NanoLock Security Partner to Secure Smart Meters and Prevent Utility Cyberattacks and Fraud

NanoLock’s device-level solution brings cyber protection and management to Genus Power, India’s global smart metering infrastructure provider.

Read more here.

The post [NanoLock in Israel21c] Genus Power and NanoLock Security Partner to Secure Smart Meters and Prevent Utility Cyberattacks and Fraud appeared first on OurCrowd Blog.

OurCrowd Blog