Security News > 2020 > August

IRONSCALES plans to use the funding to further accelerate its aggressive growth strategy through market expansion and ongoing research and development of its email security platform. "While we weren't actively seeking capital, partnering with Jump was too good of an opportunity for us to pass up," said Eyal Benishti, IRONSCALES founder and CEO. "With this Series B extension, and with Jump and McNulty on our team, we will be able to accelerate our marketplace momentum through investments in both people and technology, helping reduce the risk from what has become a global email phishing epidemic."

The funds will be used to expand its product and engineering teams in order to accelerate growth. "The traditional solutions to mitigating legal, compliance, or cultural risks with employee communications are retroactive and expensive - engaging outside counsel, hiring more lawyers, company-wide quarterly trainings - we'd like to flip that paradigm on its head and help our customers prevent risk before it is created," said Kevin Brinig, co-Founder and CEO of LitLingo.

After Google Home users started receiving mysterious alerts when their fire alarms went off or their plates smashed in their homes, Google acknowledged that it accidentally rolled out a feature causing the smart devices to record sounds without the voice prompt. Google for its part said that the alerts are part of a subscription service called "Nest Aware," first launched in May. As part of this service, users of Google cameras, speakers and displays can pay for the devices to detect any "Critical" sound in their home and send them an alert on their phones while they are away from their homes.

The protocols are CS2 Network P2P, used by more than 50 million devices worldwide, and Shenzhen Yunni iLnkP2P, used by more than 3.6 million. "As of August 2020, over 3.7 million vulnerable devices have been found on the internet," reads the site, which lists affected devices and advice on what to do if you have any at-risk gear.

The bug is found in Chrome, Opera and Edge, on Windows, Mac and Android - potentially affecting billions of web users, according to PerimeterX cybersecurity researcher Gal Weizman. CSP allows web admins to specify the domains that a browser should consider to be valid sources of executable scripts.

The British offices of Barclays Bank are under investigation over allegations that managers spied upon their own staff as part of a workplace productivity improvement drive. Back in February, the bank trialled tracking software to detail the amount of time employees spent at their desk, as revealed by City AM. Last week an employee received a "Work yoga" assessment on their daily performance informing them they had spent "Not enough time in the Zone yesterday," the City paper reports.

A series of vulnerabilities affecting Samsung's Find My Mobile could have been chained to perform various types of activities on a compromised smartphone, a researcher from Portugal-based cybersecurity services provider Char49 revealed at the DEF CON conference on Friday. Find My Mobile is designed to help users find lost Samsung phones.

Troy Hunt, the security expert who handles the breach notification website Have I Been Pwned, announced late last week that he is ready to make the code behind the site available in open source. Hunt now says that the time has come for the project to evolve into open source, especially given the fact that community contributions to Have I Been Pwned have increased significantly recently.

According to the latest Kaspersky quarterly DDoS attacks report, DDoS events were three times more frequent in comparison to the second quarter last year, and were up 30 percent from the number of DDoS attacks observed in the first quarter of 2020. The typical annual trend for DDoS is for attacks to spike at the beginning of the year, during the peak season for businesses; while they tend to fall off in late spring and summer.

The US Small Business Administration has been offering loans to businesses and other groups affected by the pandemic and lockdown, turning it into a target ripe for impersonation in phishing attacks. A report published Monday by security firm Malwarebytes tracks some of the different phishing campaigns that have sought to exploit the SBA. SEE: Coronavirus: Critical IT policies and tools every business needs.