Home > News > featured news > Quora Breach Hits 100 Million Users

Quora Breach Hits 100 Million Users

Infosecurity Magazine | December 04, 2018

Quora has become the latest big-name tech firm to suffer a major data breach, after revealing that personal information on 100 million users may have been compromised. The question-and-answer website said it discovered unauthorized access by a malicious third party on Friday, and is currently investigating the exact cause of the incident in concert with a digital forensics firm and law enforcement. The potentially compromised information includes account info such as names, email addresses and encrypted passwords, as well as data imported by users from linked networks. Other data that may have been breached includes public content and actions — like questions, answers, comments and upvotes — and non-public content like answer requests, downvotes and direct messages. “Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content,” the firm clarified.

Spotlight

Securing Remote Access

How prepared was your organization for the pandemic of 2020? If your answer is “not very,” you are not alone. Few could have predicted the circumstances that sped up the work from home (WFH) movement and catapulted remote access to the forefront for many organizations. Prior, there was a steady trend by some to support geographi

More featured news

Spotlight

Securing Remote Access

How prepared was your organization for the pandemic of 2020? If your answer is “not very,” you are not alone. Few could have predicted the circumstances that sped up the work from home (WFH) movement and catapulted remote access to the forefront for many organizations. Prior, there was a steady trend by some to support geographi

Related News

Enterprise Security

Menlo Security and Carahsoft Partner to Provide Leading Cloud Security Solutions to Public Sector Markets

Yahoo Finance | July 12, 2023

Menlo Security, a leader in cloud security, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced its partnership. Under the agreement, Carahsoft will serve as Menlo Security’s Public Sector distributor, making its products available to the Public Sector through Carahsoft’s reseller partners and GSA Schedule, NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Cooperative Purchasing Alliance (NCPA) and OMNIA Partners contracts. “We selected Carahsoft as our partner because of their extensive experience in the Federal Government and Public Sector markets,” said Darrin Curtis, Vice President, Public Sector, Menlo Security. “Providing the products that prevent attacks before they can happen is Menlo’s priority. By working with Carahsoft and its reseller partners, we can help ensure our Federal, State, and Local Governments and agencies are secure from attack.” Earlier this year, Menlo Security received Authorization to Operate (ATO) at the moderate level under the Federal Risk and Authorization Management Program (FedRAMP). Instead of a detect and response approach, Menlo’s FedRAMP-authorized, Isolation Platform, powered by a patented Isolation Core™ stops threats before they can happen. This means safe browsing of all content from anywhere, all the time. According to DISA’s Requirement and Analysis office, Cloud-Based Internet Isolation (CBII) will improve cybersecurity and avoid $300 million in future spending across the Defense Department. Menlo Security’s isolation-powered platform securely connects users to websites and applications from anywhere, while scaling elastically to meet user demand without sacrificing the user experience. Today, Menlo Security cloud security solutions are deployed by more than 100 Government agencies, including the United States Department of Defense (DoD), mission partners, international Governments, State and Local Governments, and educational institutions across the United States. Menlo Security products are designed with a Zero Trust focus. The company’s Cloud Security platform eliminates malware threats, including ransomware. In addition to these threats, Menlo Security has identified a surge in cyberthreats termed Highly Evasive Adaptive Threats (HEAT) that bypass traditional security defenses. HEAT attacks are a very common class of cyber threats targeting the web browser as a highly vulnerable web attack vector used for 75% of the working day. HEAT attacks employ techniques to evade detection by multiple layers in the current security stack including firewalls, Secure Web Gateways, sandboxing, URL Reputation and phishing detection. “We are pleased to add Menlo Security’s products to our solutions portfolio and offer our customers a modernized, cloud-based approach to cybersecurity,” said Troy Meraw, who leads the Menlo Security Team at Carahsoft. “Together with Menlo Security and our reseller partners, we are committed to helping the Public Sector stay ahead of evolving threats in today’s digital landscape.” Menlo Security’s cloud-based cybersecurity offerings are now available through Carahsoft’s GSA Schedule No. 47QSWA18D008F, SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042, NCPA Contract NCPA01-86, and OMNIA Partners Contract #R191902. The dedicated Cybersecurity team at Carahsoft specializes in providing Federal, State and Local Government agencies and Education and Healthcare organizations with security solutions to safeguard their cyber ecosystem. About Menlo Security Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s patented Isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase.

Read More

Data Security, Software Security, Cloud Security

Lookout Introduces Gen AI Assistant ‘Lookout SAIL’ to Transform Cybersecurity Operations

Business Wire | August 11, 2023

Lookout, Inc., the endpoint-to-cloud security company, today announced the launch of Lookout SAIL, the Company’s new generative artificial intelligence (gen AI) assistant that will reshape the way cybersecurity professionals interact with Lookout Mobile Endpoint Security and Lookout Cloud Security solutions and conduct cybersecurity analysis and data protection. In the rapidly evolving landscape of cybersecurity, companies are engaged in an ongoing battle against cyber criminals who are constantly innovating new tactics. As cyber threats become increasingly sophisticated, every organization faces challenges such as a growing skills gap and resource constraints that hinder the operational efficiency of cyber defenders. Lookout SAIL’s functionalities focus on security education, platform navigation and security telemetry analysis. This gen AI assistant serves as a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting. Lookout SAIL allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. Through its integration into Lookout's existing user experience, Lookout SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness. Lookout SAIL capabilities include: Platform navigation and operational efficiency: Speeds up onboarding to the Lookout platform, guiding new users through relevant platform features and answering onboarding questions within the chat feature. Users can easily “sail” around the platform to obtain answers, visualize results, and perform desired actions. Example: “Help me add a new admin to the system.” Security status: Allows users to ask questions about specific tenants and investigate their organization’s security posture. Example: “Find high and medium-risk iOS devices that have anti-phishing features enabled.” Security education: Equips users with up-to-date industry knowledge on basic and emerging topics. Example: “What is the difference between Secure DNS and On-Device VPN?” “Lookout SAIL is a force multiplier for cyber defenders. It allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. It’s the start of a journey that fundamentally transforms how people interact with systems and information, touching everything from onboarding to training, as well as cybersecurity tasks like administration, policy creation, incident response, and threat hunting,” said Aaron Cockerill, Chief Strategy Officer, Lookout. “Think of Lookout SAIL as a helpful companion, providing useful information to the user and taking them directly where they need to be, even performing actions for the user on demand.” Lookout has a storied history with AI and machine learning. Since its founding 15 years ago, Lookout has treated mobile cybersecurity and anti-phishing as a Big Data problem — and one that requires machine learning to solve. The Company also applied the same strategy to security against insider threats and account takeovers, pioneering the use of machine learning to monitor user behavior to prevent data leakage and exfiltration. The Company now has the world’s largest mobile security dataset. Lookout platform analyzes telemetry from 215 million Android and iOS devices, 269 million apps from app stores worldwide and hundreds of millions of web destinations to uncover hundreds of phishing sites every day. This enables Lookout customers the ability to detect and respond to security threats in real-time on mobile endpoints and in the cloud. About Lookout Lookout, Inc. is the endpoint-to-cloud security company purpose-built for the intersection of enterprise and personal data. We safeguard data across devices, apps, networks and clouds through our unified, cloud-native security platform — a solution that's as fluid and flexible as the modern digital world. By giving organizations and individuals greater control over their data, we enable them to unleash its value and thrive. Lookout is trusted by enterprises of all sizes, government agencies and millions of consumers to protect sensitive data, enabling them to live, work and connect — freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter.

Read More

Platform Security, Software Security, Cloud Security

Aqua Security Unveils AI-Guided Remediation for Lightning-Fast Vulnerability Response

GlobeNewswire | August 04, 2023

Aqua Security, the pioneer in cloud native security, today announced enhancement of the Aqua Cloud Security Platform with the availability of AI-Guided Remediation capabilities. Now overburdened security teams can better operationalize risk findings to rapidly reduce risk and help developers quickly fix issues. According to the Cybersecurity and Infrastructure Security Agency, adversaries exploit a vulnerability within 15 days (on average) of discovery, putting an organization at risk for nefarious activity. This window of exposure combined with an overwhelming volume of alerts amplifies the need for all organizations to reduce mean time to remediation (MTTR). “Cyber threats evolve faster than ever, and security practitioners are increasingly challenged to identify and quickly resolve critical issues,” said Amir Jerbi, CTO and co-founder, Aqua Security. “With Aqua Security’s AI-Guided Remediation, we’re empowering security teams to expedite the resolution of vulnerabilities and misconfigurations. This not only enhances cloud security, but it also fosters collaboration between developers and security experts, ensuring a more resilient and secure ecosystem.” With step-by-step instructions on how to fix the issue, it dramatically reduces the MTTR for security teams and reduces risk exposure, removing the hassle of manually finding advisories, the associated patches and verification steps. AI-Guided Remediation eliminates the guesswork, searching and self-education time, and it allows the developers to focus on completing the fix rather than trying to figure out how to complete it. Leveraging AI-Guided Remediation, dev and security teams can automatically generate prescriptive remediation steps for any misconfigurations and vulnerabilities across multiple clouds and workload types. As part of a comprehensive security platform with dev security, Aqua provides consistent information to dev and security teams within Aqua’s cloud native application protection platform (CNAPP), the Aqua Cloud Security Platform. Break Down Friction, Unify Security A top organizational challenge of DevSecOps adoption is the lack of collaboration between dev and security teams (source: IDC)1. AI-Guided Remediation bridges that gap while also reducing friction. Despite having different goals and responsibilities, developers are facing increasing pressure to act as security experts. As further illustrated by IDC data, building a culture of shared ownership between dev and security is a driver for adopting a DevSecOps. AI-Guided Remediation provides prescriptive contextual guidance to help developers, who may not be security experts, arm themselves with the information they need to remediate quickly and collaborate more effortlessly. “As a developer, AI-Guided Remediation is like having a security expert in your pocket,” said Jerbi. AI-Guided Remediation leverages generative AI and is part of the SaaS addition of the Aqua Cloud Security Platform; it is available with an Open AI integration with ChatGPT. To learn more, visit Aquasec.com. About Aqua Security Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from cloud to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.

Read More

Enterprise Security

Menlo Security and Carahsoft Partner to Provide Leading Cloud Security Solutions to Public Sector Markets

Yahoo Finance | July 12, 2023

Menlo Security, a leader in cloud security, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced its partnership. Under the agreement, Carahsoft will serve as Menlo Security’s Public Sector distributor, making its products available to the Public Sector through Carahsoft’s reseller partners and GSA Schedule, NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Cooperative Purchasing Alliance (NCPA) and OMNIA Partners contracts. “We selected Carahsoft as our partner because of their extensive experience in the Federal Government and Public Sector markets,” said Darrin Curtis, Vice President, Public Sector, Menlo Security. “Providing the products that prevent attacks before they can happen is Menlo’s priority. By working with Carahsoft and its reseller partners, we can help ensure our Federal, State, and Local Governments and agencies are secure from attack.” Earlier this year, Menlo Security received Authorization to Operate (ATO) at the moderate level under the Federal Risk and Authorization Management Program (FedRAMP). Instead of a detect and response approach, Menlo’s FedRAMP-authorized, Isolation Platform, powered by a patented Isolation Core™ stops threats before they can happen. This means safe browsing of all content from anywhere, all the time. According to DISA’s Requirement and Analysis office, Cloud-Based Internet Isolation (CBII) will improve cybersecurity and avoid $300 million in future spending across the Defense Department. Menlo Security’s isolation-powered platform securely connects users to websites and applications from anywhere, while scaling elastically to meet user demand without sacrificing the user experience. Today, Menlo Security cloud security solutions are deployed by more than 100 Government agencies, including the United States Department of Defense (DoD), mission partners, international Governments, State and Local Governments, and educational institutions across the United States. Menlo Security products are designed with a Zero Trust focus. The company’s Cloud Security platform eliminates malware threats, including ransomware. In addition to these threats, Menlo Security has identified a surge in cyberthreats termed Highly Evasive Adaptive Threats (HEAT) that bypass traditional security defenses. HEAT attacks are a very common class of cyber threats targeting the web browser as a highly vulnerable web attack vector used for 75% of the working day. HEAT attacks employ techniques to evade detection by multiple layers in the current security stack including firewalls, Secure Web Gateways, sandboxing, URL Reputation and phishing detection. “We are pleased to add Menlo Security’s products to our solutions portfolio and offer our customers a modernized, cloud-based approach to cybersecurity,” said Troy Meraw, who leads the Menlo Security Team at Carahsoft. “Together with Menlo Security and our reseller partners, we are committed to helping the Public Sector stay ahead of evolving threats in today’s digital landscape.” Menlo Security’s cloud-based cybersecurity offerings are now available through Carahsoft’s GSA Schedule No. 47QSWA18D008F, SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042, NCPA Contract NCPA01-86, and OMNIA Partners Contract #R191902. The dedicated Cybersecurity team at Carahsoft specializes in providing Federal, State and Local Government agencies and Education and Healthcare organizations with security solutions to safeguard their cyber ecosystem. About Menlo Security Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s patented Isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase.

Read More

Data Security, Software Security, Cloud Security

Lookout Introduces Gen AI Assistant ‘Lookout SAIL’ to Transform Cybersecurity Operations

Business Wire | August 11, 2023

Lookout, Inc., the endpoint-to-cloud security company, today announced the launch of Lookout SAIL, the Company’s new generative artificial intelligence (gen AI) assistant that will reshape the way cybersecurity professionals interact with Lookout Mobile Endpoint Security and Lookout Cloud Security solutions and conduct cybersecurity analysis and data protection. In the rapidly evolving landscape of cybersecurity, companies are engaged in an ongoing battle against cyber criminals who are constantly innovating new tactics. As cyber threats become increasingly sophisticated, every organization faces challenges such as a growing skills gap and resource constraints that hinder the operational efficiency of cyber defenders. Lookout SAIL’s functionalities focus on security education, platform navigation and security telemetry analysis. This gen AI assistant serves as a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting. Lookout SAIL allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. Through its integration into Lookout's existing user experience, Lookout SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness. Lookout SAIL capabilities include: Platform navigation and operational efficiency: Speeds up onboarding to the Lookout platform, guiding new users through relevant platform features and answering onboarding questions within the chat feature. Users can easily “sail” around the platform to obtain answers, visualize results, and perform desired actions. Example: “Help me add a new admin to the system.” Security status: Allows users to ask questions about specific tenants and investigate their organization’s security posture. Example: “Find high and medium-risk iOS devices that have anti-phishing features enabled.” Security education: Equips users with up-to-date industry knowledge on basic and emerging topics. Example: “What is the difference between Secure DNS and On-Device VPN?” “Lookout SAIL is a force multiplier for cyber defenders. It allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. It’s the start of a journey that fundamentally transforms how people interact with systems and information, touching everything from onboarding to training, as well as cybersecurity tasks like administration, policy creation, incident response, and threat hunting,” said Aaron Cockerill, Chief Strategy Officer, Lookout. “Think of Lookout SAIL as a helpful companion, providing useful information to the user and taking them directly where they need to be, even performing actions for the user on demand.” Lookout has a storied history with AI and machine learning. Since its founding 15 years ago, Lookout has treated mobile cybersecurity and anti-phishing as a Big Data problem — and one that requires machine learning to solve. The Company also applied the same strategy to security against insider threats and account takeovers, pioneering the use of machine learning to monitor user behavior to prevent data leakage and exfiltration. The Company now has the world’s largest mobile security dataset. Lookout platform analyzes telemetry from 215 million Android and iOS devices, 269 million apps from app stores worldwide and hundreds of millions of web destinations to uncover hundreds of phishing sites every day. This enables Lookout customers the ability to detect and respond to security threats in real-time on mobile endpoints and in the cloud. About Lookout Lookout, Inc. is the endpoint-to-cloud security company purpose-built for the intersection of enterprise and personal data. We safeguard data across devices, apps, networks and clouds through our unified, cloud-native security platform — a solution that's as fluid and flexible as the modern digital world. By giving organizations and individuals greater control over their data, we enable them to unleash its value and thrive. Lookout is trusted by enterprises of all sizes, government agencies and millions of consumers to protect sensitive data, enabling them to live, work and connect — freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter.

Read More

Platform Security, Software Security, Cloud Security

Aqua Security Unveils AI-Guided Remediation for Lightning-Fast Vulnerability Response

GlobeNewswire | August 04, 2023

Aqua Security, the pioneer in cloud native security, today announced enhancement of the Aqua Cloud Security Platform with the availability of AI-Guided Remediation capabilities. Now overburdened security teams can better operationalize risk findings to rapidly reduce risk and help developers quickly fix issues. According to the Cybersecurity and Infrastructure Security Agency, adversaries exploit a vulnerability within 15 days (on average) of discovery, putting an organization at risk for nefarious activity. This window of exposure combined with an overwhelming volume of alerts amplifies the need for all organizations to reduce mean time to remediation (MTTR). “Cyber threats evolve faster than ever, and security practitioners are increasingly challenged to identify and quickly resolve critical issues,” said Amir Jerbi, CTO and co-founder, Aqua Security. “With Aqua Security’s AI-Guided Remediation, we’re empowering security teams to expedite the resolution of vulnerabilities and misconfigurations. This not only enhances cloud security, but it also fosters collaboration between developers and security experts, ensuring a more resilient and secure ecosystem.” With step-by-step instructions on how to fix the issue, it dramatically reduces the MTTR for security teams and reduces risk exposure, removing the hassle of manually finding advisories, the associated patches and verification steps. AI-Guided Remediation eliminates the guesswork, searching and self-education time, and it allows the developers to focus on completing the fix rather than trying to figure out how to complete it. Leveraging AI-Guided Remediation, dev and security teams can automatically generate prescriptive remediation steps for any misconfigurations and vulnerabilities across multiple clouds and workload types. As part of a comprehensive security platform with dev security, Aqua provides consistent information to dev and security teams within Aqua’s cloud native application protection platform (CNAPP), the Aqua Cloud Security Platform. Break Down Friction, Unify Security A top organizational challenge of DevSecOps adoption is the lack of collaboration between dev and security teams (source: IDC)1. AI-Guided Remediation bridges that gap while also reducing friction. Despite having different goals and responsibilities, developers are facing increasing pressure to act as security experts. As further illustrated by IDC data, building a culture of shared ownership between dev and security is a driver for adopting a DevSecOps. AI-Guided Remediation provides prescriptive contextual guidance to help developers, who may not be security experts, arm themselves with the information they need to remediate quickly and collaborate more effortlessly. “As a developer, AI-Guided Remediation is like having a security expert in your pocket,” said Jerbi. AI-Guided Remediation leverages generative AI and is part of the SaaS addition of the Aqua Cloud Security Platform; it is available with an Open AI integration with ChatGPT. To learn more, visit Aquasec.com. About Aqua Security Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from cloud to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.

Read More

More featured news