From Digital Age to Nano Age. WorldWide.

Tag: cybersecurity

Robotic Automations

Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal | TechCrunch


Darktrace is set to go private in a deal that values the U.K.-based cybersecurity giant at around $5 billion.

A newly-formed entity called Luke Bidco Ltd, formed by private equity giant Thoma Bravo, has tabled an all-cash bid of £6.20 ($7.75) per share, which represents a 44% premium on its average price for the three-month period ending April 25. However, this premium drops to just 20 percent when juxtaposed against Darktrace’s closing price yesterday, as the company’s shares had risen 20% to £5.18 in the past month.

Founded out of Cambridge, U.K., in 2013, Darktrace is best known for AI-enabled threat detection smarts, using machine learning to identify abnormal network activity and attempts at ransomware attacks, insider attacks, data breaches, and more. The company claims big-name customers including Allianz, Airbus, and the City of Las Vegas.

After raising some $230 million in VC funding and hitting a private valuation of $1.65 billion, Darktrace went public on the London Stock Exchange in April, 2021, with an opening-day valuation of $2.4 billion. Its shares hit an all-time high later that year of £9.45, and plummeted to an all-time low of £2.29 last February. But they had been steadily rising since the turn of the year, and hadn’t fallen below £4 since the beginning of March.

The full valuation based on Thoma Bravo’s offer amounts to $5.3 billion (£4.25 billion) on what is known as a fully diluted basis, which takes into account all convertible securities and is designed to give a more comprehensive view of a company’s valuation. However, the enterprise value in this instance is approximately $4.9 billion (£4 billion), which includes additional considerations such as debt and cash positions.

Take-private

There has been a swathe of “take-private” deals of late, with Vista Equity this month announcing plans to acquire revenue optimization platform Model N in a $1.25 billion deal — its fifth take-private deal in 18 months. And last month, Thoma Bravo revealed it was taking critical event management software company Everbridge private in a $1.8 billion transaction.

In an investor relations document published today, Thoma Bravo said that Darktrace represented an “attractive opportunity to increase its exposure” to the fast-growing cybersecurity market.

“Darktrace is at the very cutting edge of cybersecurity technology, and we have long been admirers of its platform and capability in artificial intelligence,” Thoma Bravo partner Andrew Almeida said. “The pace of innovation in cybersecurity is accelerating in response to cyber threats that are simultaneously complex, global and sophisticated.”

Separately, Darktrace said it had previously rebuffed approaches from Thoma Bravo on the grounds that the offers were too low — something that the duo have now clearly resolved with the amended bid.

“The proposed offer represents an attractive premium and an opportunity for shareholders to receive the certainty of a cash consideration at a fair value for their shares,” Darktrace chair Gordon Hurst said. “The proposed acquisition will provide Darktrace access to a strong financial partner in Thoma Bravo, with deep software sector expertise, who can enhance the company’s position as a best-in-class cyber AI business headquartered in the U.K.”

The deal is of course still subject to shareholder approval, but the companies said that they expect to complete the transaction by the end of 2024.


Software Development in Sri Lanka


Rubrik's shares climb 20% in its public debut | TechCrunch


Rubrik shares hit the New York Stock Exchange Thursday, debuting at $38 a share. The cybersecurity company priced its shares at $32 apiece Wednesday night, just a hair over its initial target range of $29 to $31, after raising $752 million. This share price gives Rubrik a fully diluted valuation of $6.6 billion, up 88% from its last primary valuation of $3.5 billion in 2019.

Rubrik sells cloud-based security software to enterprise customers and has 1,700 customers with contracts worth more than $100,000 and 100 customers who pay the company more than $1 million a year. The Silicon Valley startup was founded in 2014 and has raised more than $550 million in venture capital, according to Crunchbase data.

The VCs hoping the most that Rubrik’s stock keeps climbing are Lightspeed and Greylock. Lightspeed backed the company in five separate rounds, including leading the company’s Series A round back in 2015. Lightspeed, and those affiliated with it, owned 23.9% of Rubrik’s shares prior to the IPO, according to the company’s S-1 filing. The firm’s conviction in the company might come from the fact that Rubrik co-founder and CEO, Bipul Sinha, was formerly a partner at Lightspeed from 2010 to 2014. Sinha owns 7.6% of shares.

Greylock holds 12.2% of Rubrik’s shares. The venture firm led the startup’s $41 million Series B round in 2016 and participated in the Series C and Series D rounds as well. Greylock partner Asheem Chandna has sat on the company’s board since 2015.

In addition to Sinha, Rubrik’s other two co-founders hold notable stakes. Arvind Jain, a co-founder who is now the CEO of AI work assistant startup Glean, holds a 7% stake. Arvind Nithrakashyap, co-founder and current Rubrik CTO, holds 6.7%.

Other big-name VCs backed the company, too. Khosla Ventures led Rubrik’s Series C round in 2016; IVP led the company’s Series D round in 2017; and Bain Capital Ventures led the company’s Series E round in 2019. It’s unclear what percentage of shares these firms still own, but it’s under 5%, as none of these investors were named in the company’s S-1. NBA All-Star Kevin Durant’s Thirty Five Ventures was also an investor.

The results of Rubrik’s IPO are under more scrutiny than some of the other recent public listings, because Rubrik’s debut looks more like a 2021 IPO and less like the other 2024 IPOs. Ibotta debuted as a profitable company. Astera Labs and Reddit both had recently swung to a GAAP net profit. Rubrik, however, is an unprofitable business seeing its losses continue to grow, not shrink.

The company reported that its revenue grew a little under 5% from its fiscal 2023 year to its fiscal 2024 year, growing from $599.8 million to $627.9 million. At the same time, the company’s losses continued to grow: Its net losses grew from 46% in its fiscal 2023 to 56% in its fiscal 2024 year.

The company’s metrics do have a bright spot, however: subscription revenue. In the company’s most recent fiscal quarter, subscriptions made up 91% of the revenue, up from 73% a year prior. Subscription revenue tends to be sticky, and growth there could explain why some investors are more confident about the future prospects of Rubrik despite its current losses and lack of profitability.

Rubrik is the fourth venture-backed company to go public in recent months as investors seem eager to reopen the IPO market. All three companies that went before Rubrik — Ibotta, Reddit and Astera Labs — popped on the first day of trading and have all since settled, some in better positions than others. But none has been a disaster or negative omen for other potential IPOs this year.

While four positive IPO debuts could spark more companies to come off of the sidelines, the current guidance that interest rate cuts may not come as early in 2024 as many had predicted may put a damper on the IPO market’s recent momentum.



Ex-NSA hacker and ex-Apple researcher launch startup to protect Apple devices | TechCrunch


Two veteran security experts are launching a startup that aims to help other makers of cybersecurity products to up their game in protecting Apple devices.

Their startup is called DoubleYou, the name taken from the initials of its co-founder, Patrick Wardle, who worked at the U.S. National Security Agency between 2006 and 2008. Wardle then worked as an offensive security researcher for years before switching to independently researching Apple macOS defensive security. Since 2015, Wardle has developed free and open-source macOS security tools under the umbrella of his Objective-See Foundation, which also organizes the Apple-centric Objective By The Sea conference.

His co-founder is Mikhail Sosonkin, who was also an offensive cybersecurity researcher for years before working at Apple between 2019 and 2021. Wardle, who described himself as “the mad scientist in the lab,” said Sosonkin is the “right partner” he needed to make his ideas reality.

“Mike might not hype himself up, but he is an incredible software engineer,” Wardle said.

The idea behind DoubleYou is that, compared to Windows, there still are only a few good security products for macOS and iPhones. And that’s a problem because Macs are becoming a more popular choice for companies all over the world, meaning malicious hackers are also increasingly targeting Apple computers. Wardle and Sosonkin said there aren’t as many talented macOS and iOS security researchers, which means companies are struggling to develop their products.

Wardle and Sosonkin’s idea is to take a page out of the playbook of hackers that specialize in attacking systems, and apply it to defense. Several offensive cybersecurity companies offer modular products, capable of delivering a full chain of exploits, or just one component of it. The DoubleYou team wants to do just that — but with defensive tools.

“Instead of building, for example, a whole product from scratch, we really took a step back, and we said ‘hey, how do the offensive adversaries do this?’” Wardle said in an interview with TechCrunch. “Can we basically take that same model of essentially democratizing security but from a defensive point of view, where we develop individual capabilities that then we can license out and have other companies integrate into their security products?”

Wardle and Sosonkin believe that they can.

And while the co-founders haven’t decided on the full list of modules they want to offer, they said their product will certainly include a core offering, which includes analyzing all new processes to detect and block untrusted code (which on macOS means code that is not “notarized” by Apple), and monitoring for and blocking anomalous DNS network traffic, which can uncover malware when it connects to domains known to be associated with hacking groups. Wardle said that these, at least for now, will be primarily for macOS.

Also, the founders want to develop tools to monitor software that wants to become persistent (a hallmark of malware), to detect cryptocurrency miners and ransomware based on their behavior, and to detect when software tries to get permission to use the webcam and microphone.

Sosonkin described it as “an off-the-shelf catalog approach,” where every customer can pick and choose what components they need to implement in their product. Wardle described it as being like a supplier of car parts, rather than the maker of the whole car. This approach, Wardle added, is similar to the one he took in developing the various Objective-See tools such as Oversight, which monitors microphone and webcam usage; and KnockKnock, which monitors if an app wants to become persistent.

“We don’t need to use new technology to make this work. What we need is to actually take the tools available and put them in the right place,” Sosonkin said.

Wardle and Sosonkin’s plan, for now, is not to take any outside investment. The co-founders said they want to remain independent and avoid some of the pitfalls of getting outside investment, namely the need to scale too much and too fast, which will allow them to focus on developing their technology.

“Maybe in a way, we are kind of like foolish idealists,” Sosonkin said. “We just want to catch some malware. I hope we can make some money in the process.”



Security bugs in popular phone-tracking app iSharing exposed users' precise locations | TechCrunch


Last week when a security researcher said he could easily obtain the precise location from any one of the millions of users of a widely used phone-tracking app, we had to see it for ourselves.

Eric Daigle, a computer science and economics student at the University of British Columbia in Vancouver, found the vulnerabilities in the tracking app iSharing as part of an investigation into the security of location-tracking apps. iSharing is one of the more popular location-tracking apps, claiming more than 35 million users to date.

Daigle said the bugs allowed anyone using the app to access anyone else’s coordinates, even if the user wasn’t actively sharing their location data with anybody else. The bugs also exposed the user’s name, profile photo and the email address and phone number used to log in to the app.

The bugs meant that iSharing’s servers were not properly checking that app users were only allowed to access their location data or someone else’s location data shared with them.

Location-tracking apps — including stealthy “stalkerware” apps — have a history of security mishaps that risk leaking or exposing users’ precise location.

In this case, it took Daigle only a few seconds to locate this reporter down to a few feet. Using an Android phone with the iSharing app installed and a new user account, we asked the researcher if he could pull our precise location using the bugs.

“770 Broadway in Manhattan?” Daigle responded, along with the precise coordinates of TechCrunch’s office in New York from where the phone was pinging out its location.

The security researcher pulled our precise location data from iSharing’s servers, even though the app was not sharing our location with anybody else. Image Credits: TechCrunch (screenshot)

Daigle shared details of the vulnerability with iSharing some two weeks earlier but had not heard anything back. That’s when Daigle asked TechCrunch for help in contacting the app makers. iSharing fixed the bugs soon after or during the weekend of April 20-21.

“We are grateful to the researcher for discovering this issue so we could get ahead of it,” iSharing co-founder Yongjae Chuh told TechCrunch in an email. “Our team is currently planning on working with security professionals to add any necessary security measures to make sure every user’s data is protected.”

iSharing blamed the vulnerability on a feature it calls groups, which allows users to share their location with other users. Chuh told TechCrunch that the company’s logs showed there was no evidence that the bugs were found prior to Daigle’s discovery. Chuh conceded that there “may have been oversight on our end,” because its servers were failing to check if users were allowed to join a group of other users.

TechCrunch held the publication of this story until Daigle confirmed the fix.

“Finding the initial flaw in total was probably an hour or so from opening the app, figuring out the form of the requests, and seeing that creating a group on another user and joining it worked,” Daigle told TechCrunch.

From there, he spent a few more hours building a proof-of-concept script to demonstrate the security bug.

Daigle, who described the vulnerabilities in more detail on his blog, said he plans to continue research in the stalkerware and location-tracking area.

To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.



UnitedHealth says Change hackers stole health data on 'substantial proportion of people in America' | TechCrunch


Health insurance giant UnitedHealth Group has confirmed that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year resulted in a huge theft of Americans’ private healthcare data.

UnitedHealth said in a statement on Monday that a ransomware gang took files containing personal data and protected health information that it says may “cover a substantial proportion of people in America.”

The health insurance giant did not say how many Americans are affected but said the data review was “likely to take several months” before the company would begin notifying individuals that their information was stolen in the cyberattack.

Change Healthcare processes insurance and billing for hundreds of thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector; it has access to massive amounts of health information on about half of all Americans.

UnitedHealth said it had not yet seen evidence that doctors’ charts or full medical histories were exfiltrated from its systems.

The admission that hackers stole Americans’ health data comes a week after a new hacking group began publishing portions of the stolen data in an effort to extort a second ransom demand from the company.

The gang, which calls itself RansomHub, published several files on its dark web leak site containing personal information about patients across an array of documents, some of which included internal files related to Change Healthcare. RansomHub said it would sell the stolen data unless Change Healthcare pays a ransom.

RansomHub is the second gang to demand a ransom from Change Healthcare. The health tech giant reportedly paid $22 million to a Russia-based criminal gang called ALPHV in March, which then disappeared, stiffing the affiliate that carried out the data theft out of their portion of the ransom.

RansomHub claimed in its post alongside the published stolen data that “we have the data and not ALPHV.”

In its statement Monday, UnitedHealth acknowledged the publication of some of the files but stopped short of claiming ownership of the documents. “This is not an official breach notification,” UnitedHealth said.

The Wall Street Journal reported Monday that the criminal hacking affiliate of ALPHV broke into Change Healthcare’s network using stolen credentials for a system that allows remote access to its network. The hackers were in Change Healthcare’s network for more than a week before deploying ransomware, allowing the hackers to steal significant amounts of data from the company’s systems.

The cyberattack at Change Healthcare began on February 21 and resulted in ongoing widespread outages at pharmacies and hospitals across the United States. For weeks, physicians, pharmacies and hospitals could not verify patient benefits for dispensing medications, organizing inpatient care, or processing prior authorizations necessary for surgeries.

Much of the U.S. healthcare system ground to a halt, with healthcare providers facing financial pressure as backlogs grow and outages linger.

UnitedHealth reported last week that the ransomware attack has cost it more than $870 million in losses. The company reported it made $99.8 billion in revenue during the first three months of the year, faring better than what Wall Street analysts had expected.

UnitedHealth CEO Andrew Witty, who received close to $21 million in total compensation for the full year of 2022, is set to testify to House lawmakers on May 1.



US government says security flaw in Chirp Systems' app lets anyone remotely control smart home locks | TechCrunch


A vulnerability in a smart access control system used in thousands of U.S. rental homes allows anyone to remotely control any lock in an affected home. But Chirp Systems, the company that makes the system, has ignored requests to fix the flaw.

U.S. cybersecurity agency CISA went public with a security advisory last week saying that the phone apps developed by Chirp, which residents use in place of a key to access their homes, “improperly stores” hardcoded credentials that can be used to remotely control any Chirp-compatible smart lock.

Apps that rely on passwords stored in their source code, known as hardcoded credentials, are a security risk because anyone can extract and use those credentials to perform actions that impersonate the app. In this case, the credentials allowed anyone to remotely lock or unlock a Chirp-connected door lock over the internet.

In its advisory, CISA said that successful exploitation of the flaw “could allow an attacker to take control and gain unrestricted physical access” to smart locks connected to a Chirp smart home system. The cybersecurity agency gave the vulnerability a severity score of 9.1 out of a maximum of 10 for its “low attack complexity” and for its ability to be remotely exploited.

The cybersecurity agency said Chirp Systems has not responded to either CISA or the researcher who found the vulnerability.

Security researcher Matt Brown told veteran security journalist Brian Krebs that he notified Chirp of the security issue in March 2021 but that the vulnerability remains unfixed.

Chirp Systems is one of a growing number of companies in the property tech space that provide keyless access controls that integrate with smart home technologies to rental giants. Rental companies are increasingly forcing renters to allow the installation of smart home equipment as dictated by their leases, but it’s murky at best who takes responsibility or ownership when security problems arise.

Real estate and rental giant Camden Property Trust signed a deal in 2020 to roll out Chirp-connected smart locks to more than 50,000 units across over a hundred properties. It’s unclear if affected properties like Camden are aware of the vulnerability or have taken action. Kim Callahan, a spokesperson for Camden, did not respond to a request for comment.

Chirp was bought by property management software giant RealPage in 2020, and RealPage was acquired by private equity giant Thoma Bravo later that year in a $10.2 billion deal. RealPage is facing several legal challenges over allegations its rent-setting software uses secret and proprietary algorithms to help landlords raise the highest possible rents on tenants.

Neither RealPage nor Thoma Bravo has acknowledged the vulnerabilities in the software they acquired or said whether they plan to notify affected residents of the security risk.

Jennifer Bowcock, a spokesperson for RealPage, did not respond to requests for comment from TechCrunch. Megan Frank, a spokesperson for Thoma Bravo, also did not respond to requests for comment.



US says Russian hackers stole federal government emails during Microsoft cyberattack | TechCrunch


U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that Russian government-backed hackers stole emails from several U.S. federal agencies as a result of an ongoing cyberattack at Microsoft.

In a statement published Thursday, the U.S. cyber agency said the cyberattack, which Microsoft initially disclosed in January, allowed the hackers to steal federal government emails “through a successful compromise of Microsoft corporate email accounts.”

The hackers, which Microsoft calls “Midnight Blizzard,” also known as APT29, are widely believed to work for Russia’s Foreign Intelligence Service, or SVR.

“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” said CISA.

The federal cyber agency said it issued a new emergency directive on April 2 ordering civilian government agencies to take action to secure their email accounts, based on new information that the Russian hackers were ramping up their intrusions. CISA made details of the emergency directive public on Thursday after giving affected federal agencies a week to reset passwords and secure affected systems.

CISA did not name the affected federal agencies that had emails stolen, and a spokesperson for CISA did not immediately comment when reached by TechCrunch.

News of the emergency directive was first reported by Cyberscoop last week.

The emergency directive comes as Microsoft faces increasing scrutiny of its security practices after a spate of intrusions by hackers of adversarial nations. The U.S. government is heavily reliant on the software giant for hosting government email accounts.

Microsoft went public in January after identifying that the Russian hacking group broke into some corporate email systems, including the email accounts of “senior leadership team and employees in our cybersecurity, legal, and other functions.” Microsoft said the Russian hackers were searching for information about what Microsoft and its security teams knew about the hackers themselves. Later, the technology giant said the hackers also targeted other organizations outside of Microsoft.

Now it is known that some of those affected organizations included U.S. government agencies.

By March, Microsoft said it was continuing its efforts to expel the Russian hackers from its systems in what the company described as an “ongoing attack.” In a blog post, the company said the hackers were attempting to use “secrets” they had initially stolen in order to access other internal Microsoft systems and exfiltrate more data, such as source code.

Microsoft did not immediately comment when asked by TechCrunch on Thursday what progress the company is making in remediating the attack since March.

Earlier this month, the U.S. Cyber Safety Review Board (CSRB) concluded its investigation of an earlier 2023 breach of U.S. government emails attributed to China government-backed hackers. The CSRB, an independent body that includes representatives from government and cyber experts in the private sector, blamed a “cascade of security failures at Microsoft.” Those allowed the China-backed hackers to steal a sensitive email key that permitted broad access to both consumer and government emails.

In February, the U.S. Department of Defense notified 20,000 individuals that their personal information was exposed to the internet after a Microsoft-hosted cloud email server was left without a password for several weeks in 2023.



Lawmakers vote to reauthorize US spying law that critics say expands government surveillance | TechCrunch


Lawmakers passed legislation early Saturday reauthorizing and expanding a controversial U.S. surveillance law shortly after the powers expired at midnight, rejecting opposition by privacy advocates and lawmakers.

The bill, which passed on a 60-34 vote, reauthorizes powers known as Section 702 under the Foreign Intelligence Surveillance Act (FISA), which allows the government to collect the communications of foreign individuals by accessing records from tech and phone providers. Critics, including lawmakers who voted against the reauthorization, say FISA also sweeps up the communications of Americans while spying on its foreign targets.

White House officials and spy chiefs rallied behind efforts to reauthorize FISA, arguing the law prevents terrorist and cyber attacks and that a lapse in powers would harm the U.S. government’s ability to gather intelligence. The Biden administration claims the majority of the classified information in the president’s daily intelligence briefing derives from the Section 702 program.

Privacy advocates and rights groups rejected the reauthorization of FISA, which does not require the FBI or the NSA to obtain a warrant before searching the Section 702 database for Americans’ communications. Accusations that the FBI and the NSA abused their authority to conduct warrantless searches on Americans’ communications became a key challenge for some Republicans initially seeking greater privacy protections.

Bipartisan efforts aimed to require the government obtain a warrant before searching its databases for Americans’ communications. But these failed ahead of the final vote on the Senate floor.

Following the passage in the early hours of today, Senator Mark Warner, who chairs the Senate Intelligence Committee, said that FISA was “indispensable” to the U.S. intelligence community.

The bill now goes to the President’s desk, where it will almost certainly pass into law.

FISA became law in 1978 prior to the advent of the modern internet. It started to come under increased public scrutiny in 2013 after a massive leak of classified documents exposed the U.S. government’s global wiretapping program under FISA, which implicated several major U.S. tech companies and phone companies as unwilling participants.

The Senate was broadly expected to pass the surveillance bill into law, but it faced fresh opposition after the House passed last week its version of the legislation that critics said would extend the reach of FISA to also include smaller companies and telecom providers not previously subject to the surveillance law.

Communications providers largely opposed the House’s expanded definition of an “electronic communications service provider,” which they said would unintentionally include companies beyond the big tech companies and telecom providers who are already compelled to hand over users’ data.

An amendment, introduced by Sen. Ron Wyden, to remove the expanded measure from the bill failed to pass in a vote.

Wyden, a Democratic privacy hawk and member of the Senate Intelligence Committee, accused senators of waiting “until the 11th hour to ram through renewal of warrantless surveillance in the dead of night.”

“Time after time anti-reformers pledge that their band-aid changes to the law will curb abuses, and yet every time, the public learns about fresh abuses by officials who face little meaningful oversight,” said Wyden in a statement.

In the end, the bill passed soon after midnight.

Despite the last-minute rush to pass the bill, a key provision in FISA prevents the government’s programs under Section 702 from suddenly shutting down in the event of lapsed legal powers. FISA requires the government to seek an annual certification from the secretive FISA Court, which oversees and approves the government’s surveillance programs. The FISA Court last certified the government’s surveillance program under Section 702 in early April, allowing the government to use its lapsed authority until at least April 2025.

FISA will now expire at the end of 2026, setting up a similar legislative showdown midway through the next U.S. administration.



US government urges Sisense customers to reset credentials after hack | TechCrunch


U.S. cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.

In a brief statement on Thursday, CISA said it was responding to a “recent compromise” at Sisense, which provides business intelligence and data analytics to companies around the world.

CISA urged Sisense customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services,” and report to the agency any suspicious activity involving the use of compromised credentials.

The exact nature of the cybersecurity incident is not clear yet.

Founded in 2004, Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants. Sisense’s technology allows organizations to collect, analyze and visualize large amounts of their corporate data by tapping directly into their existing technologies and cloud systems.

Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis. With access to these credentials, an attacker could potentially also access a customer’s data.

CISA said it is “taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations.”

Sisense counts Air Canada, PagerDuty, Philips Healthcare, Skullcandy and Verizon as its customers, as well as thousands of other organizations globally.

News of the incident first emerged on Wednesday after cybersecurity journalist Brian Krebs published a note sent by Sisense Chief Information Security Officer Sangram Dash urging customers to “rotate any credentials that you use within your Sisense application.”

Neither Dash nor a spokesperson for Sisense responded to an email seeking comment.

Israeli media reported in January that Sisense had laid off about half of its employees since 2022. It is unclear if the layoffs impacted the company’s security posture. Sisense has taken in close to $300 million in funding from investors, which include Insight Partners, Bessemer Venture Partners and Battery Ventures.





Exclusive: Simbian brings AI to existing security tools


Ambuj Kumar is nothing if not ambitious.

An electrical engineer by training, Kumar led hardware design for eight years at Nvidia, helping to develop tech including a widely used high-speed memory controller for GPUs. After leaving Nvidia in 2010, Kumar pivoted to cybersecurity, eventually co-founding Fortanix, a cloud data security platform.

It was while heading up Fortanix that the idea for Kumar’s next venture came to him: an AI-powered tool to automate a company’s cybersecurity workflows, inspired by challenges he observed in the cybersecurity industry.

“Security leaders are stressed,” Kumar told TechCrunch. “CISOs don’t last more than a couple of years on average, and security analysts have some of the highest churn. And things are getting worse.”

Kumar’s solution, which he co-founded with former Twitter software engineer Alankrit Chona, is Simbian, a cybersecurity platform that effectively controls other cybersecurity platforms as well as security apps and tooling. Leveraging AI, Simbian can automatically orchestrate and operate existing security tools, finding the right configurations for each product by taking into account a company’s priorities and thresholds for security, informed by their business requirements.

With Simbian’s chatbot-like interface, users can type in a cybersecurity goal in natural language, then have Simbian provide personalized recommendations and generate what Kumar describes as “automated actions” to carry them out (as best it can).

“Security companies have focused on making their own products better, which leads to a very fragmented industry,” Kumar said. “This results in a higher operational burden for organizations.”

To Kumar’s point, polls show that cybersecurity budgets are often wasted on an overabundance of tools. More than half of businesses feel that they’ve misspent around 50% of their budgets and still can’t remediate threats, according to one survey cited by Forbes. A separate study found that organizations now juggle on average 76 security tools, leading IT teams and leaders to feel overwhelmed.

“Security has been a cat-and-mouse game between attackers and defenders for a long time; the attack surface keeps growing due to IT growth,” Kumar said, adding that there’s “not enough talent to go around.” (One recent survey from Cybersecurity Ventures, a security-focused VC firm, estimates that the shortfall of cyber experts will reach 3.5 million people by 2025.)

In addition to automatically configuring a company’s security tools, the Simbian platform attempts to respond to “security events” by letting customers steer security while taking care of lower-level details. This, Kumar says, can significantly cut down on the number of alerts a security analyst must respond to.

But that assumes Simbian’s AI doesn’t make mistakes, a tall order, given that it’s well established that AI is error-prone.

To minimize the potential for off-the-rails behavior, Simbian’s AI was trained using a crowdsourcing approach — a game on its website called “Are you smarter than an LLM?” — that tasked volunteers with trying to “trick” the AI into doing the wrong thing. Kumar explained that Simbian used this learning, along with in-house researchers, to “ensure the AI does the right thing in its use cases.”

This means that Simbian effectively outsourced part of its AI training to unpaid gamers. But, to be fair, it’s unclear how many people actually played the company’s game; Kumar wouldn’t say.

There are privacy implications of a system that controls other systems, especially concerning those that are security-related. Would companies — and vendors, for that matter — be comfortable with sensitive data funneling through a single, AI-controlled centralized portal?

Kumar claims that every attempt has been made to protect against data compromise. Simbian uses encryption — customers control the encryption keys — and customers can delete their data at any time.

“As a customer, you have full control,” he said.

While Simbian isn’t the only platform to attempt to apply a layer of AI over existing security tools — Nexusflow offers a product along a similar vein — it appears to have won over investors. The company recently raised $10 million from investors including Coinbase board member Gokul Rajaram, Cota Capital partner Aditya Singh, Icon Ventures, Firebolt and Rain Capital.

“Cybersecurity is one of the most important problems of our time, and has a famously fragmented ecosystem with thousands of vendors,” Rajaram told TechCrunch via email. “Companies have tried to build expertise around specific products and problems. I applaud Simbian’s method of building an integrated platform that would understand and operate all of security. While this is an extremely challenging approach from a technology perspective, I’ll put my money — and I did put my money — on Simbian. It’s the team with unique experience all the way from hardware to cloud.”

Mountain View-based Simbian, which has 15 employees, plans to put the bulk of the capital it’s raised toward product development. Kumar’s aiming to double the size of the startup’s workforce by the end of the year.

