All posts in “Nsa”

Virtru secures $37 million Series B led by Iconiq

Virtru, the security startup that came out of research at the NSA, announced a $37 million Series B financing round today led by Iconiq Capital.

The company also announced the formation of Virtru Labs, an entity to be led by company co-founder and CTO Will Ackerly. The Lab will act as an innovation engine for the company, while trying to make Virtru’s underlying technology, Trusted Data Format (TDF), an industry standard for exchanging data securely in a similar manner that PDF developed into a standard way of exchanging documents.

CEO and co-founder John Ackerly (and brother of Will) says this has been a goal since the earliest days of the company and starting the lab is one of the reasons they wanted to raise this round. “My brother and I firmly believe you need an open framework in order to achieve the vision of true default security,” he told TechCrunch.

They believe by investing time and dollars to get third parties to adopt the TDF and adopting all tiers of this data format, it could remove the friction we have today when data is being shared across systems, while eliminating vendor lock-in.

The company currently offers tools for end-to-end email encryption in G-Suite and Office 365, but they hope to expand to file sync and share applications and chat. They also want to promote technical partnerships through the SDK they launched earlier this year. Finally, they want to expand globally by growing a channel partner system.

Ackerly says all of that takes money and that’s why they went looking for this round. It didn’t hurt that the company has experienced explosive growth over the last year adding 3000 new customers for a total of over 8000 using their products, while tripling revenue (they did not provide an exact figure).

Ackerly says one of the reasons for this growth is an increasing desire on the part of users to have a trust mechanism for sharing information online. “If you look at our partnership with Google, with Microsoft, with Amazon; these are all platform companies that are coming to grips with this privacy imperative. We are in a crisis of trust as a society and Virtru has always taken the approach of partnering closely because these workflows matter to end users,” he said. He adds that this really wouldn’t work if the company tried to create a new set of tools.

Vitru has around 80 employees today and Ackerly expects that to grow by around 50 percent over the coming year as they move into new markets, grow the lab and expand channel and partner support.

The round was led by Iconiq Capital with participation from returning investors Bessemer Venture Partners, New Enterprise Associates, Samsung, Blue Delta Capital, and Soros Capital. Today’s round brings the total raised to over $76 million since the company was founded in 2011.

Blacklisted cybersecurity firm Kapersky decamps for Switzerland

We hear neutral territory like Zurich is lovely this time of year.
We hear neutral territory like Zurich is lovely this time of year.

Image: UIG via Getty Images

Cybersecurity company Kapersky Lab found itself blacklisted by U.S. federal agencies after accusations of enabling Russian spies to steal NSA files. Unloved and perhaps unwanted, the company — which has denied any wrongdoing — is moving a number of its international data servers to neutral territory: Zurich. Read more at PC Mag…

The U.S. Government Accuses Two Chinese Phone Makers of Spying on Americans – Here’s Why We Think It’s Bullsh*t

The CIA, NSA, and FBI are accusing the Chinese government of using Huawei and ZTE phones to spy on Americans. The thing is, there’s no hardcore evidence. Even though the company denied these allegations, they need to show their customers that their phones are safe to use.

Read more here

Russian hackers reportedly used popular antivirus software to steal NSA data

Russian hackers stole “highly classified” NSA files laying out how the agency combats cyberattacks and spies on other countries’ networks, according to a new report in The Wall Street Journal.

The hackers reportedly found the files via Kaspersky’s antivirus software after an National Security Agency contractor put the files on his home computer. 

The attack, which happened in 2015 though it was only discovered last year, “is considered by experts to be one of the most significant security breaches in recent years.” The files reportedly lay out key parts of the NSA’s strategy for spying and defending itself against cyberattack.

As the WSJ notes, the stolen data could have big implications for Russia’s ability to both attack U.S. networks and defend itself from the NSA.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The report also goes a long way toward explaining government officials’ recent concerns over Kaspersky’s software. The Russian company’s software was banned from U.S. government agencies last month after a report in Bloomberg alleged the company had been working closely with the Russian government for years.

In a statement, Kaspersky CEO Eugene Kaspersky said his company “has not been provided any evidence substantiating the company’s involvement in the alleged incident.” 

“The only conclusion sees to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

Others in the cybersecurity community were quick to point out that the WSJ’s report stops short of suggesting that Kaspersky worked directly with the Russian government on the hack. Instead, it’s possible that the Russians exploited vulnerabilities within Kaspersky’s software to get the data.

Either way, the breach is the latest headache for the NSA, which has faced criticism over its handling of repeated leaks.

Https%3a%2f%2fvdist.aws.mashable.com%2fcms%2f2017%2f10%2f0773757e acef dd02%2fthumb%2f00001

A new tool will check if you’re vulnerable to the hack that brought down computers across the globe

"Yup, still vulnerable."
“Yup, still vulnerable.”

Image: AMBAR DEL MORAL/MASHABLE

WannaCry paralyzed hospitals. NotPeya crashed banks. But how to know if you’re vulnerable to the stolen National Security Agency exploit that fueled two major cyber attacks and helped bring down computers across the globe?

Thankfully, a new tool has your back. 

After the Shadow Brokers hacking group dumped a cache of stolen NSA exploits in April, the cybersecurity community issued dire warnings that things were about to get really, really bad. But then Microsoft quickly chimed in to note that it had already patched the vulnerabilities in question. 

“We’ve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products,” a Microsoft spokesperson told Mashable at the time. “Customers with up-to-date software are already protected.” 

And yet. 

One of the hoarded NSA vulnerabilities, dubbed EternalBlue, allows for the worm-like spread of malware across computer systems. And despite Microsoft’s assurances, it turns out that many people and organizations did not in fact update their computers with the available patch. WannaCry and NotPetya, which made use of EternalBlue, were the result. 

That, in the face of clear warnings and readily available safeguards, people failed to protect themselves is a clear sign that many of those at risk don’t realize the precarious nature of their position. 

Eternal Blues, a vulnerability scanner developed by Elad Erez, aims to change that. 

“The majority of latest WannaCry, NoPetya (Petya, GoldenEye or whatever) victims, are not technical organizations and sometimes just small business who don’t have a security team, or even just an IT team to help them mitigate this,” writes Erez on his blog. “Running NMap, Metasploit [a penetration testing software] (not to mention more commercial products) is something they will never do. I aimed to create a simple ‘one-button’ tool that tells you one thing and one thing only – which systems are vulnerable in your network.”

The message displayed by the not-really ransomware NotPetya.

The message displayed by the not-really ransomware NotPetya.

Image: SYMANTEC

The free software simply checks networks to see if they are still susceptible to EternalBlue.

“[Eternal Blues] helps finding the blind spots in your network, these endpoints that are still vulnerable to EternalBlue,” continues Erez. “Just hit the SCAN button and you will immediately start to get which of your computers are vulnerable and which aren’t. That’s it.”

Importantly, Erez does collect anonymized data on the results of the scan, but he also details a way to disable this information-sharing feature for the extra security conscious. 

And if you do find that your computer is vulnerable? Make sure you install the Microsoft patch. And, as always, keep your operating system up to date. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80316%2ff500b367 c74e 4fa7 97cd cde8f19f3003