CybersecurityHQ News Roundup - November 20, 2024

News by Daniel Michan. Published November 20, 2024.

Risk Intelligence Startup RIIG Raises $3 Million

RIIG, short for Riggleman Information & Intelligence Group, has successfully raised $3 million in a seed funding round led by Felton Group. Based in Charlottesville, Virginia, RIIG specializes in open-source intelligence (OSINT) tools tailored for Zero Trust architectures, aiming to enhance organizational security and risk management.

RIIG combines AI and ML technologies with data from intelligence agencies and partnerships with academic institutions to deliver advanced solutions. Its product suite includes:

  • ACTIVE: An analytical ecosystem for risk intelligence.
  • Aegis AI: A cutting-edge cybersecurity platform.
  • FinaSense: A compliance and risk management tool for banking.
  • LegiSense: Legislative and regulatory research assistance.

Additionally, RIIG offers cybersecurity services such as Zero Trust maturity assessments, red teaming, secure system design, and employee cyber resilience training. The funding will accelerate the launch of its AI-powered solutions and support customer service expansion.

Twine Snags $12M for AI-Powered ‘Digital Employees’ Tech

Tel Aviv-based startup Twine, co-founded by cybersecurity veteran Benny Porat, has emerged from stealth with $12 million in seed funding co-led by Ten Eleven Ventures and Dell Technologies Capital. The startup is pioneering AI-driven "digital cyber employees" to address the global cybersecurity skills gap.

Twine's digital employees aim to automate repetitive but critical security tasks, starting with Identity and Access Management (IAM). The founding team brings deep cybersecurity expertise, with co-founders hailing from industrial control security firm Claroty.

The funding will fuel the development of Twine’s platform, enhancing its automation capabilities for IAM and potentially other security operations.

Surf Security Adds Deepfake Detection Tool to Enterprise Browser

London-based Surf Security has launched Deepwater, a deepfake detection tool integrated into its Enterprise Zero-Trust Browser. The tool, currently in beta, is claimed by the vendor to identify deepfake audio and video content with 98% accuracy; that figure is Surf's own and has not been published with a test methodology.

Deepwater operates across popular communication platforms like Zoom, Slack, Microsoft Teams, and WhatsApp, providing real-time alerts for AI-generated fakes. The technology leverages neural networks and state-space models for high-speed, accurate detection, even in noisy environments.

Surf's broader browser features include data leakage prevention, anti-social engineering measures, and secure access controls. The startup plans to extend its capabilities with AI image detection in future updates.

D-Link Warns of RCE Vulnerability in Legacy Routers

D-Link has issued a warning about a critical remote code execution (RCE) vulnerability impacting six legacy router models. The affected devices, including DSR-150 and DSR-1000N, have reached End of Life (EOL) and will not receive patches.

The vulnerability, a buffer overflow issue, allows remote attackers to execute arbitrary code. D-Link recommends users upgrade to supported products and is offering discounts on newer models for U.S.-based users.

The issue underscores the risk of running outdated hardware, since attackers routinely target unpatched legacy devices. Because no fix will be issued for EOL models, the practical options are to retire the device or, until it can be replaced, keep its management interface off the internet and segment it away from sensitive networks. For details, consult D-Link's advisory.

CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2024-1212, is a command injection issue in the LoadMaster web administration interface that allows attackers to fully compromise affected appliances. Progress released a patch in February 2024; the KEV listing obliges U.S. federal civilian agencies to remediate by a set deadline and signals to everyone else that the flaw should be treated as exploited in the wild.

CISA has not provided details on the attacks exploiting CVE-2024-1212, nor have there been recent reports of successful exploitation. However, SonicWall noted in a March 27 blog post that it had observed thousands of attempts to exploit the vulnerability during late March. While SonicWall initially stated it had “confirmed active exploitation,” the company later revised its statement to clarify that it had only detected exploitation attempts, not successful attacks.

It remains unclear whether CISA’s inclusion of CVE-2024-1212 in the KEV catalog is based on SonicWall’s earlier report or more recent intelligence. CISA has also previously issued alerts for other Progress product vulnerabilities exploited in the wild, including those affecting WhatsUp Gold and Telerik.

Organizations using Progress Kemp LoadMaster are strongly advised to apply the available patches immediately and monitor systems for potential exploitation attempts. For further updates, visit CISA's advisory.
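One way to act on the advice to monitor for exploitation attempts, as an added example that is not part of the CISA or Progress guidance: a scanner that walks web-server access logs for a management interface and flags requests whose decoded path or query carries shell metacharacter sequences, the raw material of a command injection. The log lines and the /admin/ prefix are constructed for illustration and do not reproduce the CVE-2024-1212 request; the heuristic is generic and will raise false positives on parameters that legitimately contain these characters, so treat hits as leads to triage, not verdicts.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in Apache/nginx "combined" format. They are
# illustrative only: not real LoadMaster logs and not the CVE-2024-1212
# request. The /admin/ prefix stands in for a management interface.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Nov/2024:10:01:02 +0000] "GET /admin/status?host=10.0.0.5 HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.9 - - [20/Nov/2024:10:01:09 +0000] "GET /admin/status?host=10.0.0.5;id HTTP/1.1" 200 611 "-" "python-requests/2.31"
198.51.100.4 - - [20/Nov/2024:10:02:11 +0000] "GET /admin/status?host=%2524%2528id%2529 HTTP/1.1" 200 611 "-" "Mozilla/5.0"
198.51.100.5 - - [20/Nov/2024:10:03:30 +0000] "POST /admin/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.8 - - [20/Nov/2024:10:04:00 +0000] "GET /public/search?q=a|b HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Generic shell-injection indicators, checked in order; first match wins.
INJECTION_PATTERNS = (
    (re.compile(r"[;\r\n]"), "command separator"),
    (re.compile(r"\|\|?|&&"), "pipe or command chaining"),
    (re.compile(r"`|\$\(|\$\{"), "command substitution"),
)


def decode_target(target: str) -> str:
    """URL-decode twice so a double-encoded payload is seen the way a shell would."""
    return unquote_plus(unquote_plus(target))


def classify(decoded: str):
    """Return the name of the first injection pattern found, or None."""
    for pattern, reason in INJECTION_PATTERNS:
        if pattern.search(decoded):
            return reason
    return None


def scan_log(text: str, admin_prefix: str = "/admin/") -> list:
    """Return findings for requests under admin_prefix that carry shell metacharacters."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        decoded = decode_target(m["target"])
        if not decoded.startswith(admin_prefix):
            continue  # only the management interface is in scope here
        reason = classify(decoded)
        if reason:
            findings.append(
                {"ip": m["ip"], "time": m["time"], "request": decoded, "reason": reason}
            )
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['reason']}: {f['request']}")
```

Decoding twice matters: the third sample line is double-encoded and only reveals `$(id)` after the second pass, which is exactly the trick used to slip past single-pass filters. Scoping to the admin prefix keeps the noisy public endpoints out of the alert stream; widen it if the appliance exposes other privileged paths.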

GitHub Launches Fund to Improve Open Source Project Security

GitHub has launched the Secure Open Source Fund, a $1.25 million initiative aimed at bolstering the security of open-source projects. Open to applications until January 7, 2025, the program will fund 125 projects, providing $10,000 per project along with security education, mentorship, and certification.

GitHub aims to foster a collaborative ecosystem by connecting project maintainers and funders, with the ultimate goal of enhancing the open-source community's security. Participants will also gain access to GitHub's security tools, including Copilot and Secret Scanning, and will receive bi-annual security health reports.

The initiative has already garnered support from over a dozen organizations, with GitHub inviting more partners to join. For more details, visit the official GitHub announcement.

Cyera Raises $300 Million at $3 Billion Valuation

Data security firm Cyera has secured $300 million in a Series D funding round, doubling its valuation to $3 billion. The round was led by Accel and Sapphire Ventures, with contributions from Sequoia, Redpoint, Coatue, and Georgian, bringing Cyera’s total funding to $760 million since 2021.

The new funds will accelerate platform development, recruit top talent, and support acquisitions, including its recent $162 million purchase of Trail Security. Cyera’s cloud-native platform helps organizations secure data across diverse environments while offering data security posture management, privacy protection, and access governance.

For a deeper dive into Cyera’s platform and recent funding, visit TechCrunch’s coverage.

Oracle Patches Exploited Agile PLM Zero-Day

Oracle has addressed a critical zero-day vulnerability in Agile Product Lifecycle Management (PLM) that was being exploited in the wild. Tracked as CVE-2024-21287 with a CVSS score of 7.5, the flaw affects Agile PLM version 9.3.6, allowing unauthenticated attackers to access sensitive files.

Oracle credited researchers from CrowdStrike for identifying the flaw and urged organizations to apply the patch immediately. Agile PLM, slated for discontinuation by 2027, remains widely used for managing product data and collaboration.

For full details on the vulnerability and patch guidance, refer to Oracle's security advisory.

Ford Blames Third-Party Supplier for Data Breach

Ford has concluded that a recent data leak involving 44,000 customer records was caused by a third-party supplier, not a breach of its systems. Hackers initially claimed to have accessed sensitive customer information, but Ford clarified the leaked data comprised publicly available dealer addresses.

While Ford assured customers that the matter has been resolved, the incident underscores ongoing challenges in securing third-party supply chains. Read SecurityWeek’s full report on the Ford data leak here.

Apple Confirms Zero-Day Attacks Hitting macOS Systems

Apple has released emergency updates to address two zero-day vulnerabilities actively exploited on Intel-based macOS systems. The flaws, tracked as CVE-2024-44308 (JavaScriptCore) and CVE-2024-44309 (WebKit), allow for arbitrary code execution and cross-site scripting, respectively.

Google’s Threat Analysis Group (TAG) identified the vulnerabilities, but Apple has not disclosed specific details of the attacks. The updates—iOS 18.1.1, macOS Sequoia 15.1.1, and iOS 17.7.2—are critical for mitigating ongoing threats.

For more information, visit Apple’s security updates page.

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Threat actors are exploiting NFC technology to siphon funds at scale using a method dubbed Ghost Tap by ThreatFabric. This technique involves relaying NFC traffic from stolen credit cards linked to mobile payment services like Google Pay or Apple Pay, enabling cybercriminals to conduct transactions worldwide without physical access to the victim's card or device.

"Criminals can misuse Google Pay and Apple Pay to transmit your tap-to-pay information globally within seconds," ThreatFabric told The Hacker News.

Attackers typically use banking malware to capture credentials and one-time passwords, linking stolen card details to payment services. NFCGate, a legitimate tool, is then employed to relay NFC traffic to mules who perform fraudulent transactions.

The scheme complicates detection, as transactions appear to originate from the victim’s device, bypassing anti-fraud mechanisms. With the ability to operate across locations and scale rapidly, Ghost Tap presents a significant challenge for financial institutions and retailers.

Read more about the implications of this attack on ThreatFabric's official blog.
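Because a relayed tap looks like it came from the legitimate wallet, the device-level signals banks normally rely on are silent; what the relay cannot hide is where and when the taps land. The following is an added example, not ThreatFabric's or any issuer's code: an impossible-travel check over tap-to-pay transactions that share a wallet token, flagging any consecutive pair whose implied speed no traveller could reach. The transaction records, coordinates and thresholds are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class TapTransaction:
    token_id: str   # the wallet's payment token, not the card number
    ts: datetime
    lat: float
    lon: float
    amount: float
    merchant: str


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def flag_impossible_travel(txns, max_speed_kmh=900.0, min_distance_km=1.0) -> list:
    """Flag consecutive taps on one token whose implied speed exceeds max_speed_kmh.

    Pairs closer than min_distance_km are ignored so that terminal-location
    jitter inside one city does not trigger alerts. A zero or negative time
    gap between two distant taps is treated as infinite speed.
    """
    by_token = {}
    for t in txns:
        by_token.setdefault(t.token_id, []).append(t)

    alerts = []
    for token_id, history in by_token.items():
        history.sort(key=lambda t: t.ts)
        for prev, curr in zip(history, history[1:]):
            km = haversine_km(prev.lat, prev.lon, curr.lat, curr.lon)
            if km < min_distance_km:
                continue
            hours = (curr.ts - prev.ts).total_seconds() / 3600
            kmh = float("inf") if hours <= 0 else km / hours
            if kmh > max_speed_kmh:
                alerts.append({"token_id": token_id, "prev": prev, "curr": curr,
                               "km": km, "minutes": hours * 60, "kmh": kmh})
    return alerts


# Constructed sample: token A is tapped twice in Amsterdam, then 26 minutes
# later in Milan (a relayed cash-out); token B is only used around Paris.
T0 = datetime(2024, 11, 20, 10, 0)
SAMPLE_TXNS = [
    TapTransaction("tok-A", T0, 52.3702, 4.8952, 42.50, "Amsterdam grocery"),
    TapTransaction("tok-A", T0 + timedelta(minutes=4), 52.3731, 4.8922, 8.90, "Amsterdam cafe"),
    TapTransaction("tok-A", T0 + timedelta(minutes=30), 45.4642, 9.1900, 1200.00, "Milan electronics"),
    TapTransaction("tok-A", T0 + timedelta(minutes=31), 45.4650, 9.1880, 950.00, "Milan electronics"),
    TapTransaction("tok-B", T0 + timedelta(minutes=10), 48.8566, 2.3522, 15.00, "Paris bakery"),
    TapTransaction("tok-B", T0 + timedelta(hours=3), 48.8606, 2.3376, 30.00, "Paris museum"),
]

if __name__ == "__main__":
    for a in flag_impossible_travel(SAMPLE_TXNS):
        print(f"{a['token_id']}: {a['prev'].merchant} -> {a['curr'].merchant}, "
              f"{a['km']:.0f} km in {a['minutes']:.0f} min ({a['kmh']:.0f} km/h)")
```

A velocity check on its own is evadable by cashing out in one city per token, so in practice it is one feature beside others (merchant category, amount relative to history, time since the token was provisioned, whether the device was re-enrolled shortly before). Its value here is that it keys on the terminal's location, which the relay cannot forge, rather than on the device, which the relay impersonates.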

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Security researchers at Qualys have identified five local privilege escalation vulnerabilities in the needrestart package, which has been installed by default on Ubuntu Server since version 21.04. The flaws have been present since 2014 and allow any local, unprivileged user to gain root.

The vulnerabilities, including CVE-2024-48990 and CVE-2024-48991, stem from how needrestart inspects running processes and their interpreters: it launches interpreters such as Python with environment variables (for example PYTHONPATH) taken from the process being inspected, so a user who controls those variables gets their own code loaded. Because needrestart is invoked by apt after package installations and upgrades, which run as root, that code runs as root.

needrestart's primary function is to detect services that need restarting after library updates, but this design makes it a local privilege escalation target. Until the patched package is installed, a temporary mitigation is to disable the interpreter scanners by setting $nrconf{interpscan} = 0; in /etc/needrestart/needrestart.conf.

"An attacker exploiting these vulnerabilities could gain root access, compromising system integrity and security," warned Saeed Abbasi, product manager at Qualys.

For detailed guidance, visit the official Ubuntu Security Notices.
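The mechanism behind CVE-2024-48990, modelled as an added example (not needrestart's own code, which is Perl, and not Qualys's proof of concept): a privileged scanner reads a process's environment from /proc/<pid>/environ and launches the matching interpreter with that environment, so a PYTHONPATH chosen by the unprivileged owner of the process is honoured by the root-run interpreter. The environ blob and the /tmp/evil path are constructed, and the list of variables to scrub is an assumed starting set. The block contrasts the pass-through behaviour with two fixes: dropping the hijackable variables, and starting the interpreter in isolated mode (-I), which ignores PYTHON* variables whatever the environment holds.

```python
import subprocess
import sys

# Constructed /proc/<pid>/environ contents (NUL-separated KEY=VALUE pairs) as
# an unprivileged user's process might present them. Invented for this
# example, not captured from a real system.
ATTACKER_ENVIRON = (
    b"PATH=/usr/bin:/bin\x00HOME=/home/alice\x00"
    b"PYTHONPATH=/tmp/evil\x00LANG=C.UTF-8\x00"
)

# Variables that make an interpreter or the dynamic loader pull in code before
# the intended program runs. Assumed starting list, not exhaustive.
HIJACK_VARS = {
    "PYTHONPATH", "PYTHONHOME", "PYTHONSTARTUP",
    "PERL5LIB", "PERL5OPT", "RUBYLIB", "RUBYOPT",
    "LD_PRELOAD", "LD_LIBRARY_PATH",
}


def parse_environ(blob: bytes) -> dict:
    """Parse a /proc/<pid>/environ blob into a dict (entries without '=' are skipped)."""
    env = {}
    for item in blob.split(b"\x00"):
        if b"=" in item:
            key, _, value = item.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def scrub_env(env: dict) -> dict:
    """Drop every variable through which the inspected process could inject code."""
    return {k: v for k, v in env.items() if k not in HIJACK_VARS}


def interpreter_search_path(env: dict, isolated: bool = False) -> list:
    """Start the interpreter with exactly `env` and return the sys.path it begins with."""
    cmd = [sys.executable]
    if isolated:
        cmd.append("-I")  # isolated mode: ignore PYTHON* variables and user site
    cmd += ["-c", "import sys; print('\\n'.join(sys.path))"]
    out = subprocess.run(cmd, env=env, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def vulnerable_scan(blob: bytes) -> bool:
    """The flawed pattern: the privileged scanner inherits the inspected process's environment."""
    return "/tmp/evil" in interpreter_search_path(parse_environ(blob))


def hardened_scan(blob: bytes) -> bool:
    """Fix 1: scrub hijackable variables before launching the interpreter."""
    return "/tmp/evil" in interpreter_search_path(scrub_env(parse_environ(blob)))


def isolated_scan(blob: bytes) -> bool:
    """Fix 2: keep the environment but run Python in isolated mode."""
    return "/tmp/evil" in interpreter_search_path(parse_environ(blob), isolated=True)


if __name__ == "__main__":
    print("attacker path honoured (vulnerable):", vulnerable_scan(ATTACKER_ENVIRON))
    print("attacker path honoured (scrubbed):  ", hardened_scan(ATTACKER_ENVIRON))
    print("attacker path honoured (isolated):  ", isolated_scan(ATTACKER_ENVIRON))
```

The scrub list is the weaker of the two fixes because it has to anticipate every variable every interpreter honours; isolated mode (or the equivalent for other runtimes) removes the class of problem rather than a list of instances. Either way, the general rule is that a privileged helper must never execute anything under an environment it did not construct itself.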

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Microsoft has unveiled the Windows Resiliency Initiative, aiming to improve security, reliability, and system recovery. Key features include Quick Machine Recovery, which lets IT administrators push fixes through Windows Update to PCs that cannot boot, and new platform capabilities that let security products run in user mode rather than as kernel drivers, so a faulty security component is less able to crash the whole system.

David Weston, VP of Enterprise and OS Security at Microsoft, explained, "This remote recovery will unblock employees from broad issues faster than previously possible."

Additional updates include:

  • Administrator Protection: Standard user permissions with easy elevation via Windows Hello.
  • Personal Data Encryption: Protects files in key folders with Windows Hello.
  • Zero Trust DNS: Blocks outbound traffic to unapproved domains.
  • Hotpatch: Applies security updates without restarts.
  • Config Refresh: Automatically resets PCs to preferred configurations.

These changes align with Microsoft's broader Secure Future Initiative (SFI), focusing on Zero Trust principles and advanced cyber resilience.

Microsoft is also expanding its bug bounty program with the Zero Day Quest, encouraging research into cloud and AI security vulnerabilities.

Learn more about these features on Microsoft's Security Blog.

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A China-linked cyber espionage group, dubbed Liminal Panda by cybersecurity firm CrowdStrike, has been targeting telecom entities in South Asia and Africa since 2020. Their operations exploit deep knowledge of telecommunications networks and protocols, including SIGTRAN and GSM, to enable intelligence collection.

According to CrowdStrike's recent analysis, the group employs custom tools like SIGTRANslator, CordScan, and PingPong to infiltrate telecom servers, retrieve sensitive data, and establish command-and-control (C2) connections. These tools facilitate data exfiltration and allow adversaries to breach interconnected telecom networks across regions.

Notably, the adversary exploits weak passwords and relies on publicly available software such as the TinyShell backdoor and the sgsnemu SGSN emulator to compromise external DNS servers and gain access to subscriber data, call metadata, and SMS messages. CrowdStrike now attributes to Liminal Panda some activity it had previously assigned to LightBasin, another group that has targeted telecom networks since 2016.

With global telecom giants like AT&T, Verizon, and T-Mobile also facing threats from state-sponsored attackers, these findings highlight the vulnerabilities in critical infrastructure. The Chinese cyber offensive ecosystem, involving government-backed units, private entities, and vulnerability researchers, continues to pose a major challenge to global cybersecurity. Learn more from CrowdStrike's analysis.

LevelBlue Releases 2024 Cyber Resilience Report for U.S. SLED Agencies

Managed security provider LevelBlue has published its 2024 Futures Report: Cyber Resilience in U.S. State, Local, and Education Agencies (SLED), offering critical insights into how these entities combat escalating cyber threats.

Key findings include:

  • 69% of respondents cite organizational barriers as risks to cyber resilience.
  • 66% face challenges due to digital transformation efforts.
  • 70% acknowledge cybersecurity as an afterthought, with siloed efforts.
  • 69% report a lack of enterprise-wide prioritization of cyber resilience.

The report underscores the growing need for proactive investment and external guidance in cyber resilience strategies, with 72% of organizations struggling to find adequate resources. Access the full report here.

LevelBlue's Chief Evangelist Theresa Lanowitz also delves into these issues in an on-demand webcast available on MSSP Alert. Watch it here.

Accenture Unveils AI-Powered Cybersecurity Services

This week, Accenture announced its next-generation AI-powered cybersecurity capabilities, aimed at enhancing business resilience. The launch includes new Cyber Future Centers powered by emerging technologies across global hubs in Brussels, Washington, D.C., Bengaluru, and Malaga.

These centers will focus on quantum security, cyber-physical security, and AI-driven threat mitigation. Accenture aims to help organizations simplify cybersecurity through platform consolidation. Read more about Accenture’s initiatives.

Blue Mantis Acquires Colligio to Expand Unified Communications Practice

Blue Mantis, formerly known as GreenPages, has acquired Colligio, a specialist in Cisco-based technologies. This acquisition strengthens Blue Mantis’ portfolio by launching a new collaboration and unified communications practice. Sean Kelley, Colligio’s founder, will lead the practice as VP. Find out more here.

Palo Alto Networks Exceeds Q1 Expectations Amid Cybersecurity Demand

Palo Alto Networks outperformed Wall Street’s expectations in its Q1 revenue, posting $2.14 billion compared to the forecasted $2.12 billion. The company also announced a two-for-one stock split effective December 16, 2024.

While shares dipped slightly in after-hours trading, Palo Alto highlighted its progress in "platformization," consolidating security tools into a unified platform. This approach aims to address rising cyber threats while improving user experience. Explore Palo Alto’s financial performance.

Cribl Solutions Now Available on Microsoft Azure Marketplace

Cribl, a leader in data management platforms, announced the availability of its solutions on the Microsoft Azure Marketplace. This integration simplifies onboarding for customers and enables them to leverage Azure’s robust cloud infrastructure. Additionally, organizations can utilize their Microsoft Azure Consumption Commitment (MACC) for seamless procurement of Cribl services. Learn more about Cribl’s offerings.

Cyware Appoints Jawahar Sivasankaran as President

Threat intelligence platform Cyware named Jawahar Sivasankaran as its new president. With over 25 years of experience at companies like Cisco, Splunk, and Appgate, Sivasankaran aims to lead Cyware’s go-to-market strategies and product innovation. Read Cyware’s announcement.

Nintex Introduces Low-Code Process Automation Builder

Nintex unveiled Nintex Apps, a low-code application builder that streamlines workflow automation for business users and IT teams. This tool integrates with Nintex’s workflow and document generation products, enabling rapid development of applications tailored to specific operational needs. Discover more about Nintex Apps.

Radware Ltd. (RDWR) Launches AI SOC Xpert: Revolutionizing Cybersecurity with AI-Driven Incident Resolution

On November 19, Radware Ltd. (NASDAQ: RDWR) unveiled AI SOC Xpert, a cloud security service designed to cut incident resolution time for DDoS and application security by up to 95%, according to the company. Leveraging AI, the service automates attack detection, root cause analysis, and remediation to improve Security Operations Center (SOC) efficiency.

AI SOC Xpert is part of Radware's EPIC-AI platform, which enhances policy tuning, accelerates onboarding, and reduces manual processes. Radware's CTO highlighted the platform's role in addressing complex cyber challenges.

Building the Future of AI in the U.S.

OpenAI recently proposed a comprehensive "blueprint for U.S. AI infrastructure," which aims to establish AI economic zones, utilize U.S. Navy nuclear expertise, and attract private investment in government projects. According to CNBC, the blueprint advocates for a North American AI alliance to compete with China and a National Transmission Highway Act to modernize the energy grid.

Key recommendations include accelerating permitting processes, creating research hubs at public universities, and expanding renewable energy and data center capacities. With a target of 50 gigawatts of energy by 2030, the plan emphasizes the need for small modular reactors to bolster nuclear power.

Read more about these developments in Trending AI Stocks and AI News Investors Follow.

The Road Ahead for AI in Business

In a conversation with CNBC, Kunle Olukotun, co-founder and CTO of SambaNova Systems, highlighted the rapid evolution of AI in business. By 2025, companies are expected to move beyond pilot projects, deploying complex AI systems that integrate multiple models for automation.

The focus is shifting from experimentation to real-world applications, with major tech companies investing heavily in infrastructure. Rapid inference capabilities and sophisticated reasoning models are becoming essential as businesses scale AI integration.

For insights on promising investments, check out AI Stocks According to BlackRock and 35 Non-Tech AI Opportunities.

Calgary Public Library Progresses in Cybersecurity Recovery

The Calgary Public Library is gradually recovering from an October 11 cybersecurity incident that forced the closure of its 22 branches. As of November 16, members can access accounts, return books, and place holds. Full services are expected to resume by December.

Mary Kapusta, the library's communications director, confirmed no data was compromised during the attack, and the recovery process has accelerated planned system improvements. Despite challenges, the library's phased reopening underscores its commitment to security and service restoration.

Learn more about public institutions and cyber threats in CBC’s Report.

N-able Acquires Cybersecurity Platform Adlumin

On November 15, N-able announced its acquisition of Adlumin, a cybersecurity platform and strategic partner, in a deal valued at over $200 million. The acquisition aims to scale N-able’s security portfolio and boost its annual recurring revenue.

John Pagliuca, N-able’s CEO, stated that owning Adlumin would enable faster scaling and deeper insights for IT teams. The company expects 10% revenue growth in 2024, forecasting $113.3M–$114.8M in Q4 and $463M–$464.5M for the year.

Discover more about N-able and its strategic moves at N-able Newsroom.

Security Awareness and Training Is a Method, Not an Outcome

For decades, organizations have heavily relied on security awareness and training (SA&T) programs as the cornerstone of human-related cybersecurity strategies. Yet, despite 97% of organizations reporting active SA&T initiatives, human-related attacks like business email compromise (BEC) have surged, quadrupling in recent years. The glaring issue: SA&T programs often fail to instill meaningful security behaviors or culture within organizations, leaving many CISOs disillusioned.

In 2024, human risk management (HRM) transitioned from a niche concept to a viable alternative for organizations frustrated with traditional SA&T. This shift represents a departure from a training-first approach to one that measures, manages, and mitigates human risk in security. HRM frameworks are gaining traction, with vendors integrating it into their solutions and organizations embracing HRM maturity models to address human vulnerabilities comprehensively.

The Rise of Human Risk Management

Human risk management focuses on four key pillars:

  1. Detecting and measuring human security behaviors to quantify risk.
  2. Implementing policy and training interventions tailored to human risk.
  3. Educating and empowering employees to take an active role in cybersecurity.
  4. Fostering a positive security culture across the organization.

In contrast to the outdated one-size-fits-all approach of SA&T, HRM emphasizes targeted, behavior-driven strategies to influence outcomes effectively.

The Future of Security Training: From SA&T to HRM

A Forrester report predicts that the transition from SA&T to HRM will unfold in three phases:

  • Short term: Most organizations will continue leveraging traditional training methods but will start exploring HRM as an adjunct to compliance-driven SA&T programs.
  • Medium term: The emphasis will shift toward evidence-based behavior change, with HRM becoming the preferred approach for mitigating human risk.
  • Long term: Organizations will adopt adaptive human protection systems, where people, processes, and technology converge to anticipate and respond to human-related threats with minimal employee intervention.

This evolution points to a future where HRM displaces SA&T as the dominant paradigm for managing human risk in cybersecurity.

Learn more about HRM from Forrester.

On Cybersecurity, Physicians Must Always Be on Their Toes

Cybersecurity in healthcare has escalated from a patient privacy concern to a critical national security issue. The designation of healthcare as part of the U.S. critical infrastructure underscores its growing importance alongside water, energy, and transportation sectors.

Recent cyberattacks, such as the Change Healthcare incident, highlight the devastating consequences of breaches, affecting not only patient care but also the broader healthcare ecosystem, including hospitals, pharmacies, and laboratories.

Why Healthcare Cybersecurity Matters

In a letter to the Cybersecurity and Infrastructure Security Agency (CISA), AMA CEO James L. Madara, MD, emphasized three urgent priorities:

  1. Cybersecurity as a patient-safety issue.
  2. Preparation for inevitable cyberattacks.
  3. Providing resources and tools for physicians to enhance cybersecurity practices.

The healthcare sector faces growing risks due to increased electronic health information exchange, AI adoption, and EHR usability challenges.

Read the full AMA letter here.

Microsoft Challenges Hackers with $4 Million Bug Bounty in Zero Day Quest

In a bold move to strengthen its security, Microsoft has unveiled the Zero Day Quest, offering a massive $4 million in rewards to ethical hackers who uncover high-impact vulnerabilities. Tom Gallagher, VP of Engineering at the Microsoft Security Response Center, announced the initiative, describing it as a unique opportunity to foster collaboration between Microsoft’s engineers, red teamers, and the wider security community.

The Zero Day Quest expands Microsoft’s bug bounty program with a focus on AI and cloud vulnerabilities. Key features include doubled bounty payments for AI-related findings and a chance to join an on-site hacking event at Microsoft’s Redmond headquarters in 2025.

Hacking Rules of Engagement

Participants must adhere to strict guidelines to ensure ethical hacking practices. Out-of-scope activities include phishing, denial-of-service testing, and accessing non-authorized data. Submissions should focus on technical vulnerabilities within Microsoft’s Online Services. For detailed rules, visit the Microsoft Security Response Center.

This initiative underscores Microsoft’s commitment to securing cloud and AI services. Gallagher emphasized the importance of building partnerships to protect against evolving threats.

Finastra Data Breach: 400GB of Sensitive Data Stolen

Finastra, a fintech vendor serving 45 of the world's top 50 banks, confirmed a significant data breach involving its Secure File Transfer Platform (which Finastra abbreviates as SFTP; not to be confused with the SSH File Transfer Protocol). The attacker, known as "abyss0," allegedly used stolen credentials to exfiltrate 400GB of compressed data. The breach was first advertised on BreachForums for $20,000 before the hacker disappeared, raising suspicions of a private sale or increased scrutiny.

Scope of the Breach

Initial investigations indicate the stolen data includes:

  • Client Data: Sensitive banking information and transaction details.
  • Internal Documents: Confidential operational files.

Finastra has assured customers that no malware was deployed and that customer files were not altered. However, the breach highlights vulnerabilities in file transfer systems, raising concerns about client confidentiality.

Finastra is working to identify affected customers and has replaced the compromised platform with a secure alternative. For updates, visit Finastra’s Security Page.

Trump Administration Could Reshape Privacy Policies

As Donald Trump prepares to re-enter the White House, questions loom over his administration’s stance on privacy and encryption. While Trump has criticized Big Tech in the past, experts suggest his libertarian leanings may clash with law enforcement's push for increased surveillance.

The Crypto Wars Return?

Former NSA lawyer Stewart Baker speculates that Trump’s support for privacy could limit efforts to mandate encryption backdoors, though concerns remain. Initiatives like the EARN IT Act could force tech companies to monitor platforms more closely, potentially undermining encryption.

Critics warn that a more business-aligned Trump administration could see tech companies capitulating to government demands, eroding privacy rights. For ongoing analysis, follow EFF’s Coverage on Encryption.

Jen Easterly to Step Down as CISA Director

Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), will leave her post in January. Easterly’s tenure saw efforts to secure elections and protect critical infrastructure. Her deputy, Nitin Natarajan, is also stepping down, leaving a leadership gap at a crucial time for national cybersecurity.

Speculation about Easterly’s successor includes Ohio Secretary of State Frank LaRose. For more on this transition, visit NextGov.