A 25-year-old police drone founder just raised $75M led by Index


If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college to run the company.

Brinc, which was founded in 2017 and counts OpenAI CEO Sam Altman as a seed-stage investor, just announced today that it has raised $75 million in new funding led by Index Ventures.

This brings the startup’s total funding to $157.2 million. While Brinc isn’t disclosing its exact valuation, Resnick told TechCrunch it’s an “up-round” compared to its most recent round, a $55 million Series B in 2022. Brinc was last valued at $300 million in 2023, Bloomberg reported.

Brinc sells a variety of drone systems to police and public safety agencies. It’s part of a broader trend of U.S. drone startups manufacturing domestically due to increasing restrictions against Chinese companies that dominate the commercial drone industry. (Resnick briefly interned at DJI, by far the biggest Chinese player, a few years before founding Brinc.)

With this funding, Brinc is launching a “strategic alliance” with Motorola Solutions, which also invested in the round. Motorola Solutions is a giant in the U.S. security industry whose software powers many 911 call centers. The partnership will integrate Brinc drones directly into those centers, allowing operators to dispatch drones for certain emergency calls if they’re cleared by an existing Motorola AI system.

Brinc is, however, in an increasingly competitive field with other U.S. startups like Flock Safety and Skydio. Each also offers drones for police, and each has a multibillion-dollar valuation. Flock stood at $7.5 billion in its latest round last month, while Skydio was valued at $2.2 billion in 2023.

When it comes to the competition, Resnick tells TechCrunch that there’s plenty of room for growth in a market that is otherwise dominated by Chinese players. Beyond the Motorola partnership, he says Brinc offers its share of unique features, like the ability to break windows or deliver emergency medical devices.

Screenshot-reading malware cracks iPhone security for the first time


In the realm of smartphones, Apple’s ecosystem is deemed to be the safer one. Independent analysis by security experts has also proved that point repeatedly over the years. But Apple’s guardrails are not impenetrable. On the contrary, it seems bad actors have managed yet another worrying breakthrough.

As per an analysis by Kaspersky, malware with Optical Character Recognition (OCR) capabilities has been spotted on the App Store for the first time. Instead of stealing files stored on a phone, the malware scanned screenshots stored locally, analyzed the text content, and relayed the necessary information to servers.

The malware-seeding operation, codenamed “SparkCat,” targeted apps seeded from official repositories — Google’s Play Store and Apple’s App Store — and third-party sources. The infected apps amassed roughly a quarter million downloads across both platforms.

[Image: An app listed on the App Store infected by malware. Credit: Kaspersky]

Interestingly, the malware piggybacked atop Google’s ML Kit library, a toolkit that lets developers deploy machine learning capabilities for quick and offline data processing in apps. This ML Kit system is what ultimately allowed the Google OCR model to scan photos stored on an iPhone and recognize the text containing sensitive information.

But it seems the malware was not just capable of stealing crypto-related recovery codes. “It must be noted that the malware is flexible enough to steal not just these phrases but also other sensitive data from the gallery, such as messages or passwords that might have been captured in screenshots,” says Kaspersky’s report.

Among the targeted iPhone apps was ComeCome, which appears to be a Chinese food delivery app on the surface, but came loaded with a screenshot-reading malware. “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace,” notes Kaspersky’s analysis.

[Image: One of the iPhone apps infected by OCR malware. Credit: Kaspersky]

It is, however, unclear whether the developers of these problematic apps were engaged in embedding the malware, or if it was a supply chain attack. Irrespective of the origin, the whole pipeline was quite inconspicuous as the apps seemed legitimate and catered to tasks such as messaging, AI learning, or food delivery. Notably, the cross-platform malware was also capable of obfuscating its presence, which made it harder to detect.

The primary objective of this campaign was extracting crypto wallet recovery phrases, which can allow a bad actor to take over a person’s crypto wallet and get away with their assets. The target zones appear to be Europe and Asia, but some of the hotlisted apps appear to be operating in Africa and other regions, as well.

US indicts five individuals in crackdown on North Korea’s illicit IT workforce


U.S. authorities have indicted five people over their alleged involvement in a multi-year scheme that saw them obtain remote IT employment with dozens of American companies.

The Department of Justice on Thursday announced the indictment of North Korean citizens Jin Sung-Il and Pak Jin-Song, Pedro Ernesto Alonso De Los Reyes of Mexico, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor.

The DOJ said the FBI arrested Ntekereze and Ashtor, and a search of Ashtor’s home in North Carolina found evidence of a “laptop farm” that hosted company-provided laptops to deceive organizations into thinking they had hired workers based in the U.S.

Alonso was also arrested in the Netherlands after a U.S. warrant was issued.

According to the indictment, Ntekereze and Ashtor allegedly installed remote access software, including Anydesk and TeamViewer, on the company-provided devices, allowing the North Koreans to conceal their locations. The two Americans also provided Jin and Pak with forged identity documents, including U.S. passports and U.S. bank accounts.

The indictment alleges that the defendants gained employment from at least 64 American organizations over the course of the multi-year scheme, which ran from April 2018 through August 2024. These included a U.S. financial institution, a San Francisco-based technology company, and a Palo Alto-headquartered IT organization.

According to the Justice Department, payments from ten of those companies generated at least $866,255 in revenue, most of which was laundered through a Chinese bank account.

“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading schemes, which seek to trick U.S. companies into funding the North Korean regime’s priorities, including its weapons programs,” Devin DeBacker, supervisory official with the Justice Department’s National Security Division, said in a statement.

Alongside Thursday’s indictments, which come just days after the Treasury Department sanctioned two individuals and four entities for allegedly engaging in similar behavior, the FBI released an advisory warning that North Korean IT workers are increasingly engaging in malicious activity, including data extortion.

The agency said it has observed North Korean IT workers leveraging unlawful access to company networks to “exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.”

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More


Four days before he leaves office, US president Joe Biden has issued a sweeping cybersecurity directive ordering improvements to the way the government monitors its networks, buys software, uses artificial intelligence, and punishes foreign hackers.

The 40-page executive order unveiled on Thursday is the Biden White House’s final attempt to kickstart efforts to harness the security benefits of AI, roll out digital identities for US citizens, and close gaps that have helped China, Russia, and other adversaries repeatedly penetrate US government systems.

The order “is designed to strengthen America’s digital foundations and also put the new administration and the country on a path to continued success,” Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology, told reporters on Wednesday.

Looming over Biden’s directive is the question of whether president-elect Donald Trump will continue any of these initiatives after he takes the oath of office on Monday. None of the highly technical projects decreed in the order are partisan, but Trump’s advisers may prefer different approaches (or timetables) to solving the problems that the order identifies.

Trump hasn’t named any of his top cyber officials, and Neuberger said the White House didn’t discuss the order with his transition staff, “but we are very happy to, as soon as the incoming cyber team is named, have any discussions during this final transition period.”

The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.

The order requires software vendors to submit proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency would be tasked with double-checking these security attestations and working with vendors to fix any problems. To put some teeth behind the requirement, the White House’s Office of the National Cyber Director is “encouraged to refer attestations that fail validation to the Attorney General” for potential investigation and prosecution.

The order gives the Department of Commerce eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Shortly thereafter, those practices would become mandatory for companies seeking to do business with the government. The directive also kicks off updates to the National Institute of Standards and Technology’s secure software development guidance.

Another part of the directive focuses on the protection of cloud platforms’ authentication keys, the compromise of which opened the door for China’s theft of government emails from Microsoft’s servers and its recent supply-chain hack of the Treasury Department. Commerce and the General Services Administration have 270 days to develop guidelines for key protection, which would then have to become requirements for cloud vendors within 60 days.

To protect federal agencies from attacks that rely on flaws in internet-of-things gadgets, the order sets a January 4, 2027, deadline for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.

Police operation claims takedown of prolific Redline and Meta password stealers


A coalition of international law enforcement agencies say they have disrupted the operations of two prolific infostealers that stole the sensitive data of millions of people.

The Dutch National Police, who led the so-called “Operation Magnus” takedown, reports it gained “full access” to the servers used by the Redline and Meta infostealers.

Infostealers are a type of malware specifically designed to extract sensitive information, such as passwords, credit card data, search histories, and the contents of cryptocurrency wallets, from an infected system.

Redline is considered one of the most prolific strains of infostealer malware. Criminals have been using Redline, which has been active since 2020, to steal the sensitive data of hundreds of millions of people, according to a recent report. The malware has been attributed to a 2022 hack at Uber, the theft of login details from Worldcoin Orb operators, and the breach of a senior official at Israel’s National Cybersecurity Directorate.

Meta is a relatively new infostealer, though Operation Magnus notes: “We gained full access to all Redline and Meta servers. Did you know they were actually pretty much the same?”

In a video posted to the website on Monday, the agencies say they were able to access the usernames, passwords, IP addresses, timestamps and registration dates, along with the source code for both infostealers, and the Telegram bots used by the operators of the malware.

The agencies also teased a list of usernames belonging to “VIP” — or “very important to the police” — users of the Redline and Meta infostealers. It’s not yet clear if any arrests have been made as part of the operation, but the website claims that “legal actions are underway.”

Operation Magnus, which was supported by the U.S. Federal Bureau of Investigation and the U.K.’s National Crime Agency, was announced on a newly created website outing the Redline and Meta operations. Simone van Wordragen, a spokesperson for the Dutch National Police, told TechCrunch that it will release more information about the takedown on Tuesday.

A similar takedown approach was taken during the recent operation targeting LockBit, which saw police take control of the ransomware gang’s dark web leak site to post details of the operation.

Hackers Threaten to Leak Planned Parenthood Data


Even those of you who do everything you can to secure those secrets can find yourself vulnerable—especially if you’re using a YubiKey 5 authentication token. The multifactor authentication devices can be cloned thanks to a cryptographic flaw that can’t be patched. The company has rolled out some mitigation measures—and the attack itself is relatively difficult to pull off. But it may be time to invest in a new dongle.

That’s not all, folks. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

At the end of August, cybercriminals from the ransomware group RansomHub appear to have hacked into the systems of Planned Parenthood’s Montana branch. The organization this week confirmed it had suffered from a “cybersecurity incident” on August 28 and said its staff immediately took parts of its network offline, reporting the incident to law enforcement.

Days after the incident took place, RansomHub claimed to be behind the attack, posting Planned Parenthood on its leak website. The criminal group said it would publish 93 GB of data. It is unclear what, if anything, the ransomware group has obtained, but Planned Parenthood clinics can hold a huge array of highly sensitive data about patients, including information on abortion appointments. (Around 400,000 Planned Parenthood patients in Los Angeles were impacted following a similar ransomware incident in 2021.)

In recent months, RansomHub has emerged as one of the most active ransomware-as-a-service groups, following the law enforcement disruption of LockBit. According to an FBI and Cybersecurity and Infrastructure Security Agency alert at the end of August, the group is “efficient and successful” and has stolen data from at least 210 victims since it formed in February. “The affiliates leverage a double-extortion model by encrypting systems and exfiltrating data to extort victims,” the alert said.

The Nigeria-based scammers known as the Yahoo Boys run almost every scam in the playbook—from romance scams to pretending to be FBI agents. Yet there’s little more devious than the increase in sextortion cases linked to the West African scammers. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in US jail for running sextortion scams, following their extradition earlier this year. It is the first time Nigerian scammers have been prosecuted for sextortion in the US, the BBC reported.

The Ogoshi brothers, who pleaded guilty in April, have been linked to the death of 17-year-old Jordan DeMay, who took his life six hours after he started talking to the scammers, who posed as a girl, on Instagram. The teenager had been duped into sending the brothers explicit images, and after he had done so, they threatened to post the images online unless he paid them hundreds of dollars. US prosecutors said the brothers sexually exploited and extorted more than 100 victims, with at least 11 of them being minors. There has been a huge spike in sextortion cases in recent years.

In June, the US Commerce Department banned the sale of Kaspersky’s antivirus tools over national security concerns about its links to the Russian government. (Kaspersky has, for years, denied connections). The firm later fired its workers and said it was closing its US business. This week, cybersecurity company Pango Group announced it is purchasing Kaspersky Lab’s US antivirus customers, according to Axios. This equates to around 1 million customers, who will be transitioned to Pango’s antivirus software Ultra AV. Ahead of the Kaspersky deal, parent company Aura also announced it was spinning out Pango Group into its own business. Pango’s president said customers would not need to take any action and that it would allow subscribers to continue to receive updates after September 29, when Kaspersky updates will stop.

For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material—something that would potentially undermine encrypted messaging apps that provide everyday privacy to billions of people. The plans have been highly controversial and were shelved earlier this year. However, the proposed law, which has been dubbed “chat control,” reappeared in legislators’ in-trays this week. The Council of the EU, which is currently chaired by Hungary, wants to pass legislation by October, but reports say strong resistance to the plans still remains.

Your Gym Locker May Be Hackable


Thousands of electronic lockers found in gyms, offices, and schools could be vulnerable to attacks by criminals using cheap hacking tools to access administrator keys, according to new research.

At the Defcon security conference on Sunday, security researchers Dennis Giese and “braelynn” demonstrated a proof-of-concept attack showing how digital management keys could be extracted from lockers, copied, and then used to open other lockers in the same location. The researchers focused on various models of electronic locks from two of the world’s biggest manufacturers, Digilock and Schulte-Schlagbaum.

Over the past few years, the researchers, who both have backgrounds in lock picking, have been examining various electronic locks that use numerical keypads, allowing people to set and open them with a PIN. The work comes on the back of various examples of hotel door locks being found to be hackable, vulnerabilities in high-security locks, and commercial safes being alleged to have backdoors.

For the research, Giese and braelynn purchased electronic locks on eBay, snapping up those sold after some gyms closed during the Covid-19 pandemic and from other failed projects. Giese focused on Digilock, while braelynn looked at Schulte-Schlagbaum. Over the course of the research, they looked at legacy models from Digilock dating from 2015 to 2022 and models from Schulte-Schlagbaum from 2015 to 2020. (They also purchased some physical management keys for Digilock systems.)

Showing how security flaws could be abused by a prepared hacker, the researchers say they can take the electronic lock apart, then extract the device’s firmware and stored data. This data, Giese says, can contain PINs that have been set, management keys, and programming keys. The manager key ID can be copied to a Flipper Zero or cheap Arduino circuit board and used to open other lockers, Giese says.

“If you access one lock, we can open all of them in whatever the unit is—the whole university, the whole company,” Giese says. “We can clone and emulate keys very easily, and the tools aren’t that complicated.” Whoever owns the lockers manages them, Giese says.

Ahead of developing this proof-of-concept attack, Giese says, it took some time and effort to understand how the locker systems function. They took the locks apart and used cheap debugging tools to access the devices’ erasable, programmable read-only memory, known as EEPROM. Often, in the locks they tested, this was not secured, allowing data to be pulled from the system.

“From the EEPROM, we can pull out the programming key ID, all manager key IDs, and the user PIN/ User RFID UID,” Giese says. “Newer locks erase the set user PIN when the locker is unlocked. But the PIN remains if the locker was opened with a manager key/programming key.”

The researchers say they reported the findings to both impacted companies, adding they had spoken to Digilock about the findings. Digilock tells WIRED it has issued a fix for vulnerabilities found. The researchers say Schulte-Schlagbaum did not respond to their reports; the company did not respond to WIRED’s request for comment.

Apple alerts users in 92 nations to mercenary spyware attacks


Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks.

The company sent the alerts to individuals in 92 nations at 12pm Pacific Time Wednesday. It did not disclose the attackers’ identities or the countries where users received notifications.

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” it wrote in the warning to affected customers.

“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” Apple added in the text, a copy of which TechCrunch reviewed.

The iPhone-maker sends these kinds of notifications multiple times a year and has notified users of such threats in over 150 countries since 2021, per an updated Apple support page.

It also sent an identical warning to a number of journalists and politicians in India in October last year. Later, nonprofit advocacy group Amnesty International reported that it had found Israeli spyware maker NSO Group’s invasive spyware Pegasus on the iPhones of prominent journalists in India. (Users in India are among those who have received Apple’s latest threat notifications, according to people familiar with the matter.)

The spyware alerts arrive at a time when many nations are preparing for elections. In recent months, many tech firms have cautioned about rising state-sponsored efforts to sway certain electoral outcomes. Apple’s alerts, however, did not remark on their timing.

“We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future,” the company told impacted customers.

It previously described the attackers as “state-sponsored” but has replaced all such references with “mercenary spyware attacks.”

The warning to customers adds: “Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware.”

Apple said it relies solely on “internal threat-intelligence information and investigations to detect such attacks.” “Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack and should be taken very seriously,” it added.

Visual Studio Geeks | Exploring GitHub Advanced Security for Azure DevOps


It has been a few months since GitHub Advanced Security (GHAS) was made generally available for Azure DevOps. During this time, I’ve engaged with numerous customers eager to implement GHAS within their Azure subscriptions. In this post, I wanted to show you a quick way to set up GHAS within Azure DevOps and explore the features available.

Enabling Advanced Security in Azure DevOps

This is easy; however, you need to be a member of the Project Collection Administrators group. You can verify that from Organization Settings -> Permissions and then the Members tab, where you should see your name.

Once you have verified you are a Project Collection Administrator, you are ready to enable GHAS.

You can enable GHAS either individually per repo or across the organisation for all the repositories.

If you want to enable it for all the repositories in your organization, you will need to go to organization settings and then the Repositories section and enable it there.

For this post, I am enabling it only for a single repository. Once you click the Advanced Security flag (1), you will be prompted to show the number of committers you will be billed against (more on billing below). This repository has only me committing to it, so it has correctly identified 1 active committer (2).

Once you click Begin billing, GHAS should be enabled.

If your ADO instance does not have a linked and active subscription, you might get the below error.

You will need to select an active Azure subscription under the Billing tab under organization settings in ADO.

Once you select a valid subscription, you will be able to enable GHAS for the repositories.

Exploring GHAS features

Block secrets on push

Once you enable GHAS, the Block secrets on push feature is enabled by default too. With this setting enabled, ADO automatically checks any incoming push for embedded secrets and rejects it. This works not only for pushes from the command line but also for commits made through the web interface.

For a simple test, below I am trying to commit a file containing a GitHub API key, and the push was rejected.

Note that, at the time of writing, GHAS supports secret push protection only for certain service providers. Although secrets from the majority of service providers are supported, I was surprised to see that GitLab personal access tokens are not supported yet.

Although not recommended, there is a way to push a secret that has been blocked. To push, you need to have skip-secret-scanning:true in your commit message.

This will allow the secret to be committed, however, it will be caught in the Secret scanning alert (more on that below).

The great thing about GHAS is that clicking on the alert will give you remediation steps too.

Dependency Scanning and Code Scanning

Dependency and Code scanning are additional features of GHAS. Dependency scanning checks your repo for known vulnerabilities in its open-source dependencies. Code scanning analyzes your source code (for supported languages) for vulnerabilities.

Both these tasks are enabled through pipeline tasks. On any GHAS-enabled repo, you will be able to run the pipeline with these tasks and get the status of the repo.

You can create a pipeline and add the tasks for dependency and code scanning.
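A minimal Azure Pipelines definition wiring in both scans, as an added example rather than a pipeline from the original post: it uses the Advanced Security task names Microsoft ships for Azure DevOps, while the trigger branch, agent image and the `languages` value are assumptions for a hypothetical C# repository.

```yaml
# Added example pipeline (not from the original post): runs GHAS dependency
# scanning and CodeQL code scanning on every push to main.
# Assumptions: the repo already has Advanced Security enabled, builds on the
# hosted Ubuntu agent, and is written in C#. Adjust 'languages' to your code.
trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  # Initialise the CodeQL database before the build so the build is traced.
  - task: AdvancedSecurity-Codeql-Init@1
    inputs:
      languages: 'csharp'

  # Let CodeQL attempt to build the project; replace with explicit build
  # steps if autobuild cannot compile your repository.
  - task: AdvancedSecurity-Codeql-Autobuild@1

  # Scan the resolved open-source dependencies for known vulnerabilities.
  # Runs after the build so package manifests and lock files are present.
  - task: AdvancedSecurity-Dependency-Scanning@1

  # Run the CodeQL queries and publish results to the repo's
  # Advanced Security > Code scanning alerts view.
  - task: AdvancedSecurity-Codeql-Analyze@1
```

Findings from both tasks land in the repository's Advanced Security tab alongside the secret scanning alerts described earlier; whether a finding should fail the pipeline is a separate policy decision.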

However, this post has already gotten longer than I intended it to be, so I will probably do another post and explore both of those features in detail.

Pricing

GHAS for Azure DevOps is a paid product and is available only for Azure DevOps Services. For an Azure DevOps Services organization linked to an Azure subscription, the charge will automatically appear in that subscription’s billing. At the time of writing, it costs $49 per active committer per month.

That is it for this post. Thank you for reading. 🎉