December 22, 2024

PayPal Buys Cybersecurity Firm, Creates Israel Hub

Posted on March 10, 2015 by in Security

Online payments group PayPal announced Tuesday it was acquiring Israeli cybersecurity firm CyActive and establishing a new security hub in Israel.

The terms of the deal were not announced, but some reports this week said PayPal, which is being spun off by online giant eBay, was paying $ 60 million for CyActive.

“Our goal is to extend our global security leadership, and bolster our efforts in predictive threat detection and prevention,” said PayPal chief technology officer James Barrese in a blog post.

“The acquisition of CyActive will bring great talent and immediately add ‘future-proof’ technology to PayPal’s world-class security platform. With CyActive, we’ll have even more ways to proactively predict and prevent security threats from ever affecting our customers.”

The move comes with the finance sector increasingly under attack from hackers. In recent months, major companies have disclosed data breaches affecting tens of millions of customers, with credit card or financial information leaked in some cases.

CyActive, which launched in 2013, specializes in “predictive cybersecurity,” or heading off online attacks before they happen.

The company’s website claims it has “an unprecedented ability to automatically forecast the future of malware evolution, based on bio-inspired algorithms and a deep understanding of the black hats’ hacking process.”

Online retail giant eBay unveiled plans last September to spin off PayPal, aiming to help the unit compete better in the fast-moving online payments segment.

According to eBay, PayPal facilitates one in every six dollars spent online today.

And PayPal has moved into mobile payments with the acquisition of the payment processing group Braintree, boosting its own mobile platform called OneTouch.

Subscribe to the SecurityWeek Email Briefing

view counter

© AFP 2013


SecurityWeek RSS Feed

Anti-Fraud Firm InfoArmor Acquires IntelCrawler

Posted on January 28, 2015 by in Security

InfoArmor, a provider of fraud and identify theft protection services, has acquired cybercrime research firm IntelCrawler for an undisclosed sum.

With IntelCrawler under its belt, Scottsdale, Arizona-based InfoArmor plans to form a new Enterprise Threat Intelligence unit that will help customers discover and block attacks targeting intellectual property.

Founded in 2013 by Dan Clements and Andrew Komarov, IntelCrawler offers threat intelligence, data and security research services to large corporate and government clients.

 

Komarov previously worked for Russian cybercrime research firm Group-IB.

IntelCrawler has uncovered a number of cybercrime operators and malware, including a claim back in Jan. 2014 when the company said it had discovered someone they believe was tied to the malware known as Kaptoxa or BlackPOS, which was used in the high-profile attacks against Target.

“InfoArmor is thrilled about joining forces with Dan, Andrew and the IntelCrawler team,” said John Schreiber, InfoArmor’s president, adding that IntelCrawler’s data, intelligence and research capabilities are beneficial for its clients, who are pushing for threat identification, assessment, and attribution. 

“Using IntelCrawler’s context-aware intelligence and operative human intelligence, we will now be able to connect even more dots between cyber intelligence and emerging enterprise threats,” said Drew Smith, CEO of InfoArmor.

The cash and stock transaction was completed on Jan. 23, 2015.

Subscribe to the SecurityWeek Email Briefing

view counter

Managing Editor, SecurityWeek.

Previous Columns by Mike Lennon:


SecurityWeek RSS Feed

Mobile Ad Libraries Put Enterprise Data at Risk, Firm Says

Posted on June 4, 2014 by in Security

Mojave Networks Introduces Mobile Application Reputation Feature

Mojave Networks has added a new feature to the company’s professional and enterprise services in an effort to help organizations minimize the risks posed by the mobile applications used by their employees.

According to the company, organizations can use the new feature to discover potential risks by analyzing data collected and transmitted from mobile apps, and create policies for data loss prevention based on the information.

The new mobile application reputation offering, which is available immediately, includes features like customizable analytics, categorization of apps by risk level, application tracking, and integration with device management and network security solutions.

“The ‘bring your own device’ (BYOD) trend is transitioning to ‘bring your own applications’ (BYOA) as users download more and more apps to share data, increase productivity and stay connected,” noted  Garrett Larsson, CEO and co-founder of Mojave Networks.

“If any application running on a mobile device connected to the network is insecure, it can put highly sensitive corporate data at risk. Our new application reputation feature can help enterprises improve their mobile security posture by eliminating the risk of insecure applications.”

The company analyzes over 2,000 mobile apps every day by tracking 200 individual risk factors in 15 different categories. In addition to static and dynamic analysis, Mojave Networks said that it uses data from real-world usage of the tested applications to determine if an application is safe.

One risk that’s particularly problematic for enterprises is when private data is collected and sent to remote Web APIs, the company warned.

“Some of the most significant risk factors affecting corporate employees and individual mobile users, such as data loss and PII collection, occur not by the application itself, but within mobile advertising libraries and other library components such as social media or analytic tools,” Ryan Smith, Mojave’s lead threat engineer, explained in a blog post.

Based on the analysis of more than 11 million URLs to which mobile apps connect to, Mojave Threat Labs determined that business users connect to at least as many data-gathering libraries as consumers. During its analysis, the company found that 65% of applications downloaded by business users connect to an advertising network, and 40% of them connect to a social network API.

“It is critically important that users and IT Administrators understand what data is being collected from their devices, where it is being sent, and how it is being used. Given that the majority of the sensitive data being collected occurs within these third party libraries such as ad networks, social media APIs, and analytics tools, it is therefore important to fully understand each of the libraries included in your mobile apps,” Smith noted.

Founded in San Mateo, CA in 2011, Mojave Networks raised a $ 5 million round of funding in November 2013, in addition to launching a cloud-based, enterprise-grade solution that protects mobile devices starting at the network level. 

Previous Columns by Eduard Kovacs:


SecurityWeek RSS Feed