![]() Kelly held the role of chief security officer at Facebook and previously worked at the National Security Agency and US Cyber Command, while co-founder John Hering founded and served as CEO for the cybersecurity firm Lookout. ![]() ’s founding team boasts of security intelligence experience that spans the public and private sectors. They need a partner that provides broader context and the capabilities to pursue and disrupt adversaries - within the rule of law - to protect their businesses.” In order to be truly resilient, companies need more than simple monitoring and auditing of their environments for malicious activity. “Just playing defence is a losing strategy. Kelly said, “Adversaries that attack companies and high net worth entities operate outside the law and elude consequences for their actions, creating an uneven playing field for defenders. The system provides customers with continual awareness of their security posture at all times and what actions the system is taking to keep them safe. If an attack does occur, ’s software enables the team to hold attackers accountable and disrupt their operations. It essentially handles the whole spectrum of security needs from attack prevention, detection and response to damage mitigation. Led by Max Kelly, provides a platform with advanced threat intelligence and response capabilities that enable organisations to disrupt adversaries and protect their businesses. The company intends to use the funds to scale and accelerate the adoption of its platform with the aim to level the playing field against cyber attackers. As a part of the announcement, Alex Doll from Ten Eleven Ventures and Constantine Saab from Valor Equity Partners joined ’s board of directors. The round, which brought the total raised to date to $60m, was led by Ten Eleven Ventures, with participation from Valor Equity Partners and SVB Capital. ![]() “The consequences to insecurely redacting information is highly context-dependent, but generally, someone redacts information because they don’t want it to be read.San Francisco-based cybersecurity startup emerged from stealth with $35m in Series B funding. ![]() The researcher added: “Redacted data can be almost anything from passwords in a pen test report to victim names in a criminal report. Petro said that the tool is aimed at being used by “possibly Red Teams”, but added that it “is mostly a proof-of-concept to drive home a point – never redact text with anything other than black bars fully covering the text”. The blog post contains more technical detail on how the Unredacter tool was built, as well as a proof of concept. “I like the theory of this tool a lot,” he said, but added that it “doesn’t work as well in practice as you’d like”. Read more of the latest news about new hacking tools Petro wrote: “…there’s an existing tool called Depix that tries to do exactly this through a really clever process of looking up what permutations of pixels could have resulted in certain pixelated blocks, given a De Bruijn sequence of the correct font.” These issues include character bleed over, when a letter shares more than one pixilation column, variable widths between letters, and font inconsistency, which can all make using an algorithm difficult. Petro explained that assuming one already knows the font type for the original information and of the redacted text, “since the attacker in a realistic scenario would likely have received a full report”, his tool can be used to circumvent common issues when it comes to revealing redacted information. “Clearly the community needed to be convinced that pixilation is bad, and a tool to un-redact is the best way to do it.” The tool “But you see it all the time out there on the internet, often by journalists. He told The Daily Swig: “It’s just not a secure way to redact information,” he explained. “Sometimes, people like to be clever and try some other redaction techniques like blurring, swirling, or pixilation,” lead researcher Dan Petro wrote. Insecureīishop Fox has a “long-standing policy” to only redact information using black bars, which the company says is the only secure way technique. In a blog post, lead researcher Dan Petro, who wrote the tool, explained that it was created in order to complete a challenge set by Jumspec, and also due to the use of pixilation being a “pet peeve” of his. To demonstrate that pixilation is “a no-good, bad, insecure, surefire way to get your sensitive data leaked”, it was designed to take redacted pixelized text and reverse it back into its reveal the supposedly hidden “clear text”. The tool, called Unredacter, was released by Bishop Fox today (February 15). Researchers have demonstrated how a new tool can uncover redacted text from documents, potentially exposing sensitive information to nefarious actors. Developer warns that redaction method is insecure
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |