Legal recourse? Nissan balances competitive and security fallout from source code leak.

News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.

Nissan offerings associated with the leaked source code ran the gamut from Nissan North America mobile apps and Nissan’s internal core mobile library to some parts of the Nissan ASIST diagnostic tool and sales and marketing research tools and data. The Git server has since been taken offline, after data began to get shared on Telegram and hacking forums.

January 6, 2021 - Alexandria, Va., - Nisos, the Managed Intelligence company, today announced $6M in funding led by global cyber investor Paladin Capital Group. Existing investors Columbia Capital and Skylab Capital also participated in the round. The investment enables Nisos to expand its marketing and operations, while extending its international footprint.

DarkOwl analysts have observed a now well-established digital economy in the darknet around the trade of social media accounts and its influencers – accounts sold in bulk that could be easily leveraged for a dis- or mis-information campaign by a foreign government or agency with malicious intention.

In this blog, DarkOwl, with contributions from Nisos, looks at how the darknet is rife with “disinformation as a service” type offerings, and how technology such as blockchain is now being leveraged to persistently disseminate false narratives to the public. 

Organizations are facing increasingly complex and international threats — from trade-secret exfiltration from countries like China in furtherance of economic espionage and academic advantages, to criminal gangs intent on installing malware on networks to extract hefty ransoms. While the exploits themselves are not new, the pace, the breadth, and the incentives are enhanced, creating heightened concern at the highest corporate and governmental levels. With trade secrets, valuable IP, reputation, and shareholder value on the line, what are best-in-class security teams doing to protect themselves against advanced threat actors?

Imagine this: You click on a news clip and see the President of the United States at a press conference with a foreign leader. The dialogue is real. The news conference is real. You share with a friend. They share with a friend. Soon, everyone has seen it. Only later you learn that the president’s head was superimposed on someone else’s body. None of it ever actually happened.

Sound farfetched? Not if you’ve seen a certain wild video from YouTube user Ctrl Shift Face (take a look at the clip above). Since last August, it's gotten almost 9.5 million views.

"In the new work-from-home world where nonessential companies have pivoted into a largely remote workforce model with increasing reliance on business tools that ensure connectivity, there is a growing concern that tools like Zoom may not be vetted to the full extent of their now-applicable use case."

In our TendingBar interview, Jen describes how the COVID-19 era has taught us to pay more attention to the well-being of our co-workers, and to offer compassion through our jobs. As an outspoken advocate for corporate diversity, Jen explains that diverse teams are good for business.  More importantly, Jen argues that every business should aspire to fit the values of its people, and that good business management should be an expression of respect and regard for one’s colleagues. 

Security consulting firm NISOS has released a report analyzing one such attempted fraud, and shared the audio with Motherboard. 

A security firm analyzed a suspicious voicemail left to a tech company employee, part of an attempt to get the employee to send money to criminals.

Justin Zeefe, a former intelligence officer who is now the president of Nisos, a security firm in Virginia, said his company has worked for tech companies on a wide range of cases. On one occasion, they learned that a company’s overseas suppliers had ties to foreign intelligence agencies.

Another client asked his firm to determine whether an acquisition target had been infiltrated by foreign hackers. Yet another hired Nisos to determine the source of multiple cyberattacks. It turned out to be the work of a competitor that had intercepted the company’s Wi-Fi from an apartment rented across the street.