Yazılar

Wiz Appoints Fazal Merchant as President and CFO to Prepare for IPO

/in /tarafından

Israeli cloud security firm Wiz has appointed veteran executive Fazal Merchant as its president and chief financial officer (CFO) to continue its rapid growth and pave the way for a U.S. initial public offering (IPO) in the next year.

Merchant’s appointment comes after the company turned down a reported $23 billion acquisition offer from Google’s parent company, Alphabet, in July. Wiz’s CEO Assaf Rappaport emphasized that the company’s focus would now be on an IPO and reaching an annual recurring revenue of $1 billion.

Currently, Wiz generates approximately $500 million in annual revenue, having grown significantly since its 2020 founding. The company serves half of the Fortune 100 companies and has raised $1.9 billion in private financing, with a valuation of $12 billion after raising $1 billion in May 2023.

Merchant, who previously served as co-CEO of U.S. cybersecurity firm Tanium and CFO of DreamWorks Animation, highlighted Wiz’s healthy liquidity and its strategy to prepare for the IPO. He noted that IPO readiness could take 12 months, or potentially longer, depending on market conditions.

Merchant also emphasized Wiz’s goal of becoming the leader in cloud security as the global shift to cloud computing continues, with only 15% of the world’s infrastructure in the cloud. As the company expands in Europe and Asia, it sees significant growth potential in the cybersecurity sector.

 

Biden to Order Tougher Cybersecurity Standards Amid Growing China Hacking Threat

/in /tarafından

President Joe Biden is preparing to issue an executive order aimed at enhancing cybersecurity standards for federal agencies and contractors, as part of efforts to combat the escalating threat of cyberattacks linked to China and cybercriminal organizations. The new executive order, expected to be published in the coming days, seeks to address several high-profile cyberattacks attributed to China, targeting critical infrastructure, government agencies, major telecom firms, and most recently, the U.S. Treasury Department. While the U.S. government has attributed these hacks to China, Beijing has consistently denied involvement.

The proposed order emphasizes stricter standards for secure software development, including the need for vendors to provide detailed documentation that verifies adherence to these standards. The Cybersecurity and Infrastructure Security Agency (CISA) will be tasked with evaluating and validating this documentation through its software attestation program. Vendors whose software fails validation may face further legal action, as per the draft.

Tom Kellermann, Senior Vice President of Cyber Strategy at Contrast Security, expressed support for the effort to push for more secure software development but warned that the proposed attestation process might not go far enough. Kellermann pointed out that the timeline outlined in the order appears arbitrary given the urgency of the threat posed by China, Russia, and cybercriminal syndicates. “They’re already here,” Kellermann said, stressing the ongoing cyberattacks against U.S. critical infrastructure and government agencies, which have been fueled by foreign state actors.

The executive order also includes guidelines for the secure management of access tokens and cryptographic keys used by cloud providers. In 2023, Chinese-linked hackers exploited vulnerabilities in this area to access email accounts belonging to senior U.S. government officials, an issue that was highlighted by Microsoft.

Brandon Wales, Vice President of Cybersecurity Strategy at SentinelOne, acknowledged that the order builds on efforts from the past five years to strengthen cybersecurity capabilities, and emphasized that the Chinese threat is a major focus. However, he also noted that the U.S. faces a broad range of cybersecurity challenges that require ongoing attention.

The White House has declined to comment on the forthcoming order, and CISA did not respond to requests for comment.

 

US Removes Malware Allegedly Planted by Chinese-Backed Hackers

/in /tarafından

The U.S. Justice Department announced on Tuesday that it had successfully removed malware, known as “PlugX,” from over 4,200 computers that had been targeted by a group of hackers linked to the Chinese government. The malware, which had been used to steal sensitive information, was installed through infected USB devices by a group identified as “Mustang Panda” or “Twill Typhoon.”

The hackers, allegedly backed by the Chinese government, used PlugX for cyber-espionage, affecting thousands of computers globally. According to U.S. prosecutors, the Chinese government paid the Mustang Panda group to develop the malware. The hacking campaign has been active since at least 2014, targeting computers in the U.S., Europe, and Asia, as well as those belonging to Chinese political dissidents.

Cybersecurity company Sekoia traced the command-and-control infrastructure for PlugX and collaborated with French law enforcement to seize control of it in July 2024. In coordination with French authorities, the FBI identified devices in the U.S. affected by the malware and worked to send self-delete commands to remove it from those devices.

The operation marks a significant step in international cooperation to counteract cyber threats linked to state-sponsored hackers, with U.S. officials emphasizing the importance of protecting critical infrastructure from such sophisticated attacks.