Tag Archive for: taps

Bugcrowd snaps up $102M for a ‘bug bounty’ security platform that taps 500K+ hackers


Bugcrowd — the startup that taps into a database of half a million hackers to help organizations like OpenAI and the U.S. government set up and run bug bounty programs, cash rewards to freelancers who can identify bugs and vulnerabilities in their code — has picked up a big cash award of its own to grow its business further: an equity round of $102 million.

General Catalyst is leading the investment, with previous backers Rally Ventures and Costanoa Ventures also participating.

Bugcrowd has raised over $180 million to date, and while valuation is not being disclosed, CEO Dave Gerry said in an interview it is “significantly up” on its last round back in 2020, a $30 million Series D. As a point of comparison, one of the startup’s bigger competitors, HackerOne, was last valued at $829 million in 2022, according to PitchBook data.

The plan will be to use the funding to expand operations in the U.S. and beyond, including potentially M&A, and to build more functionality into its platform, which — in addition to bug bounty programs — also offers services including penetration testing and attack surface management, as well as training for hackers to increase their skill sets.

That functionality is both technical and human in nature.

Gerry jokingly describes Bugcrowd’s premise as “a dating service for people who break computers” but in more formal terms, it is built around a two-sided security marketplace: Bugcrowd crowdsources coders, who apply to join the platform by demonstrating their skills. The coders might be hackers who only work on freelance projects, or people who work elsewhere and pick up extra freelance work in their spare time. Bugcrowd then matches these coders up, based on those particular skills, with bounty programs that are in the works among clients. Those clients, meanwhile, range from other technology companies through to any enterprise or organization whose operations rely on tech to work.

In doing all this, Bugcrowd has been tapping into a couple of important trends in the technology industry.

Organizations continue to build more technology to operate, and that means more apps, more automations, more integrations and much more data is…


Army taps Lockheed for second phase of long-range EW, surveillance program



U.S. Army Soldiers assigned to “Wild Bill” Platoon, 1st Squadron, 7th Cavalry Regiment and 1st Battalion, 4th Infantry Regiment conduct electronic warfare training during Combined Resolve XV, Feb. 23, 2021 at the Hohenfels Training Area. (U.S. Army photo by Sgt. Julian Padua)

WASHINGTON — Lockheed Martin will move onto the second phase of building out a prototype meant to provide formations larger than the brigade level with longer-range electronic warfare (EW) systems and situational awareness capabilities, beating out competitor General Dynamics Mission Systems (GDMS).

Under the contract, announced Tuesday by the Army, Lockheed will take its Terrestrial Layer System-Echelons Above Brigade (TLS-EAB) prototype from “design and lab-based demonstrations to a tangible form factor able to be tested in a relevant environment,” Lt. Col. Kris Haley, product manager for terrestrial spectrum warfare, said. The award is worth up to $36.7 million for a 21-month period of performance.

“The TLS-EAB is an extended-range, terrestrial sensing, collection, and electronic attack system providing integrated [signals intelligence], EW and cyber capabilities for situational awareness, situational understanding, Intelligence & Warning, command post survivability, critical asset protection operations, and supports the delivery of lethal and non-lethal effects in a holistic, synchronized manner for Multi-Domain Operations (MDO),” according to the announcement. Translation: It’s meant to better let commanders know the various threats they’re facing at a greater distance.

Lockheed will build the prototype TLS-EAB system at its facility in Syracuse, NY, “in the coming months,” according to a company press release. During the first phase of TLS-EAB development, both Lockheed and GDMS conducted “soldier touch points” to take feedback and incorporate it into their design phase. 

“Moving into this next phase, we are going to continue to embrace Soldier Touch Points to drive the design while leveraging a proven DevSecOps pipeline and an open architecture that will enable a highly interoperable, configurable 21st Century Security…


Biden taps Air Force General for NSA, Cyber


U.S. President Joe Biden has nominated Air Force Lieutenant General Timothy Haugh to head both the National Security Agency (NSA) and U.S. Cyber Command, a U.S. official said on Tuesday. The official confirmed a Politico report that cited an Air Force notice sent out Monday. Haugh is now the deputy commander of the military’s U.S. Cyber Command, reporting to the current NSA and Cyber Command chief, Paul Nakasone. The Associated Press has the story:

Biden taps Air Force General for NSA, Cyber

Newslooks- WASHINGTON (AP)

President Joe Biden has chosen a new leader for the National Security Agency and U.S. Cyber Command, a joint position that oversees much of America’s cyber warfare and defense.

Air Force Lt. Gen. Timothy Haugh, the current deputy commander of Cyber Command, would replace Army Gen. Paul Nakasone, who has led both organizations since May 2018 and was expected to step down this year, according to a notice sent by the Air Force this week and confirmed by a person familiar with the announcement. The person spoke on condition of anonymity to discuss personnel matters not yet made public.

If confirmed, Haugh will take charge of highly influential U.S. efforts to bolster Ukraine’s cybersecurity and share information with Ukrainian forces fighting Russia’s invasion. He will also oversee programs to detect and stop foreign influence and interference in American elections, as well as those targeting criminals behind ransomware attacks that have shut down hospital systems and at one point a key U.S. fuel pipeline.

Politico first reported that Haugh was picked.

President Joe Biden speaks as he meets with House Speaker Kevin McCarthy of Calif., to discuss the debt limit in the Oval Office of the White House, Monday, May 22, 2023, in Washington. (AP Photo/Alex Brandon)

It’s unclear whether Haugh will be affected by a Republican senator’s blockade of all military nominations. Sen. Tommy Tuberville of Alabama has for months objected to the Pentagon’s policy of providing travel money and support to troops seeking abortions but based in states with abortion bans.

Haugh’s nomination to lead both the NSA and Cyber Command reflects the White…


Malware Taps Generative AI to Rewrite Code, Avoid Detection



Mikko Hypponen Talks GPT-Enhanced Malware, Russian Cyber Operations and More

Mikko Hyppönen, chief research officer, WithSecure

Finnish cybersecurity expert Mikko Hyppönen recently received an email he wasn’t expecting: A malware developer sent him a copy of “LL Morpher,” a brand-new virus he’d written, which uses OpenAI’s GPT large language models.



“It’s the first malware we’ve ever seen which uses GPT to rewrite its code,” said Hyppönen, who’s chief research officer at WithSecure, of the worm, which is written in Python and designed to infect Python files on a victim’s system. Instead of copying its functions into the infected file, the malware uses an API key to call GPT and give it English-language instructions about the malicious functionality it wants to be created.


“It calls GPT to write the code for it, which means every time it’s different, and it will be trivial to modify to write it in any other language,” Hyppönen said. “The whole AI thing right now feels exciting and scary at the same time.”


Thus far, this piece of malware is more proof-of-concept than actual threat, in that it’s available via GitHub, and for now could be contained by blocking the API key. Even so, Hyppönen says it should…
