Legal recourse? Nissan balances competitive and security fallout from source code leak.

News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.

Nissan offerings associated with the leaked source code ran the gamut from Nissan North America mobile apps and Nissan’s internal core mobile library to some parts of the Nissan ASIST diagnostic tool and sales and marketing research tools and data. The Git server has since been taken offline, after data began to get shared on Telegram and hacking forums.

January 6, 2021 - Alexandria, Va., - Nisos, the Managed Intelligence company, today announced $6M in funding led by global cyber investor Paladin Capital Group. Existing investors Columbia Capital and Skylab Capital also participated in the round. The investment enables Nisos to expand its marketing and operations, while extending its international footprint.

DarkOwl analysts have observed a now well-established digital economy in the darknet around the trade of social media accounts and its influencers – accounts sold in bulk that could be easily leveraged for a dis- or mis-information campaign by a foreign government or agency with malicious intention.

In this blog, DarkOwl, with contributions from Nisos, looks at how the darknet is rife with “disinformation as a service” type offerings, and how technology such as blockchain is now being leveraged to persistently disseminate false narratives to the public. 

Organizations are facing increasingly complex and international threats — from trade-secret exfiltration from countries like China in furtherance of economic espionage and academic advantages, to criminal gangs intent on installing malware on networks to extract hefty ransoms. While the exploits themselves are not new, the pace, the breadth, and the incentives are enhanced, creating heightened concern at the highest corporate and governmental levels. With trade secrets, valuable IP, reputation, and shareholder value on the line, what are best-in-class security teams doing to protect themselves against advanced threat actors?

Imagine this: You click on a news clip and see the President of the United States at a press conference with a foreign leader. The dialogue is real. The news conference is real. You share with a friend. They share with a friend. Soon, everyone has seen it. Only later you learn that the president’s head was superimposed on someone else’s body. None of it ever actually happened.

Sound farfetched? Not if you’ve seen a certain wild video from YouTube user Ctrl Shift Face (take a look at the clip above). Since last August, it's gotten almost 9.5 million views.

"In the new work-from-home world where nonessential companies have pivoted into a largely remote workforce model with increasing reliance on business tools that ensure connectivity, there is a growing concern that tools like Zoom may not be vetted to the full extent of their now-applicable use case."

In our TendingBar interview, Jen describes how the COVID-19 era has taught us to pay more attention to the well-being of our co-workers, and to offer compassion through our jobs. As an outspoken advocate for corporate diversity, Jen explains that diverse teams are good for business.  More importantly, Jen argues that every business should aspire to fit the values of its people, and that good business management should be an expression of respect and regard for one’s colleagues. 

Security consulting firm NISOS has released a report analyzing one such attempted fraud, and shared the audio with Motherboard. 

A security firm analyzed a suspicious voicemail left to a tech company employee, part of an attempt to get the employee to send money to criminals.

Justin Zeefe, a former intelligence officer who is now the president of Nisos, a security firm in Virginia, said his company has worked for tech companies on a wide range of cases. On one occasion, they learned that a company’s overseas suppliers had ties to foreign intelligence agencies.

Another client asked his firm to determine whether an acquisition target had been infiltrated by foreign hackers. Yet another hired Nisos to determine the source of multiple cyberattacks. It turned out to be the work of a competitor that had intercepted the company’s Wi-Fi from an apartment rented across the street.

Recently while conducting some research, I found myself down the path of Google Analytics ID’s as well as other analytics services. I was investigating ways to not only identify varying analytics code in sites, but to correlate them with other sites that may be linked to the same owner. Please note before further reading: I make some guesses about what I find, though that’s contrary to the concept of analysis, and I am not presuming to know definitively why I am seeing what I am seeing in this specific case study. It’s all just very curious to me. Dive in and take a look for yourself!

Many of you know that I use Brave as my daily browser. One of the features I love is that I can elect to see pop up ads (infrequently) in exchange for BAT– a utility token with some value similar to cryptocurrency yet distinct. Recently I was served up an ad for a site called VidLeap with some pretty outrageous claims. It’s a teaching course led by a man named Vincent Briatore that claims he can walk you through setting up a Youtube channel and brand that may earn you up to 1 million followers, 100 million views, and $100k a month in revenue in only 4 weeks.

Three weeks after Election Day 2016, the Kremlin officially floated a theory that would ultimately lead to only the third presidential impeachment in U.S. history.

An investigation found that a former Fox News executive hired Macedonians to write culturally and politically divisive content for his websites.

It's pump and dump in a bull market, short and distort in a bear one.

Security expert Willis McDonald of Nisos talked with Clark.com and told us there’s no way to stay completely safe from criminals looking to compromise your financial accounts. But Chromebooks come pretty darn close.

“A Chromebook is not inherently more secure than other devices, but you are less likely to get infected using the Chromebook than you would, say, a Windows machine,” McDonald says. “Criminals don’t target Chromebooks as much because they’re not running on a popular operating system.”

Meanwhile, USA Today notes the Chromebook’s operating system also mitigates virus risk by disallowing the installation of traditional program or applications. And during each reboot, the Chromebook ensures software integrity and repairs any intrusions if necessary.

Typosquatting remains a vulnerability for phishing attacks against companies.

Russians and others won't stay out of 2020. But they'll be able to amplify US-created disinformation and have more time to disrupt 2020 in other ways.

We live in an age of heightened interpersonal conflict, stress and anxiety in the workplace. One of the fallouts of all of this is data theft. According to Verizon's 2019 Insider Threat Report, insider threat actors are prevalent in many industries, and the causes range from personal gain (such as selling sensitive data on the black market) to a disgruntled employee who lashes out in retaliation for a perceived slight. An employee may also unknowingly become a pawn in an external actor’s game of gaining access or, more likely, they may be simply careless in their use of technology.

The hashtag #BoycottOliveGarden went viral this week on Twitter, amid claims that the Italian restaurant chain was helping to fund President Trump’s reelection campaign. The problem, according to the restaurant and independent researchers, is that it’s just not true.

The number of countries in the cross-hairs of political disinformation campaigns more than doubled to 70 in the last two years, according to a recent report from researchers at Oxford University. Given the efficacy of such attacks, it’s not surprising that disinformation campaigns are also becoming a business problem. Companies as varied as Olive Garden, Koch’s Turkeys, and Columbine Chemicals have been recent victims of massive social media hoaxes spreading false information connected to their product or brand.

Disinformation attacks create the perfect storm on a global level by traversing hemispheres and social classes in a matter of moments.

While disinformation is getting a lot of attention in security circles, the discussion primarily tends to be in the context of election security. However, hacking social media accounts, or creating fake accounts, to post false messages about a company is absolutely a disinformation campaign.

While the industry as a whole must adopt a more focused and holistic approach to working together as offense and defense. Without a true devotion from red team offensive groups to truly help and work together with the blue team defensive groups we will never see a shift and maturity in security as a whole.

Meet Harrison. Harrison is “good, loving, caring, and kind hearted.” Harrison is also a fake account, though it might not look like it on first glance.

Note that this is not a one-time exercise, but a digital hygiene process which should be rinsed and repeated at regular intervals.

What lies ahead in fintech is a groundswell of rapidly and constantly developing regulatory requirements and unbridled opportunity.

Attack simulations, physical security, social engineering, and open source intelligence assessments can help law firms learn and self-correct before a real hacker gets through first.

Attack simulations, physical security, social engineering, and open source intelligence assessments can help law firms learn and self-correct before a real hacker gets through first.

A comprehensive security management program gives equal weight to external and internal threats. While outsiders may know more about the latest attack methods, insiders have intimate knowledge about the company which can lead to loss of sensitive data and wreak havoc on profits and market share. By moving from a reactive, ad hoc strategy for handling insider threats to a proactive, preventative, and coordinated approach, companies can minimize the financial and reputational impact of insider attacks — and someday maybe even prevent them altogether.

The financial and organizational realities of two organizations merging or a smaller company being acquired by a larger one are profound. It’s critical to understand how to value, assess, protect and properly transition assets. Conducting thorough and reasoned cyber due diligence is an often overlooked but critical step in the cadence of M&A groundwork to a successful transaction.

“Having spent five years at Wickr I was ready for a set of new challenges. It’s been really rewarding and fun to address a lot of the possible issues of the day in my role at Wickr,” DeTrani told Corporate Counsel. “But focusing on threats that exist within enterprises and how to help solve those threats is where I saw myself spending more time in the future. That’s why it made sense to transition to Nisos.”

Cyber services and investigations firm Nisos has raised $6 million in funding from Columbia Capital. Jason Booma, a Partner at Columbia, is joining Nisos’ board of directors, along with David Northington, who was most recently managing director at Accenture.

Cyberscoop – The U.S. government should decide how to retaliate against the worst attacks on the country’s private sector.

CNNMoney – More companies are starting to approve the use of ephemeral messaging apps for internal communications.