Shares of cloud-based security provider FireEye are up over 6% in late trading after the company this afternoon reported Q3 revenue and profit that topped analysts’ expectations and forecast this quarter’s revenue is higher as well. 

FireEye’s CEO, Kevin Mandia, said the company’s results showed how much progress the company has made “transforming our business.”
Revenue in the three months ended in September rose almost 6%, year over year, to $238.6 million, yielding EPS of 11 cents. Analysts had been modeling, on average, $228 million and 7 cents per share. 
For the current quarter, the company sees revenue in a range of $237 million to $241 million and EPS in a range of 9 cents to 11 cents. That is, again, higher than consensus on the revenue line, at $237 million, and in line with profit consensus of 10 cents per share.
With the forecast, the company’s full-year outlook for 2020 now stands at $930 million to $934 million, up from a forecast offered in July of $905 million to $925 million.
The company said its annualized recurring revenue reached an all-time high of $612 million, up 6%, year over year. 
Said Mandian, “We released our cloud-native Mandiant Advantage platform in October, making our intelligence and expertise easily accessible and actionable to any security organization, regardless of the security controls they deploy.” The company “also announced a collaboration with Microsoft to provide cybersecurity services based on Microsoft security products.” added Mandia.
“Both announcements reflect the technology-agnostic approach of Mandiant Solutions and allow us to expand our addressable market beyond the installed base of current FireEye customers.”
FireEye, founded sixteen years ago in the Silicon Valley town of Milpitas, California, began by offering an appliance product to detect Web site threats, running inside of a virtual machine. 
The company expanded into its current form with the 2013 acquisition of privately held Mandiant, an incident response and forensics firm founded by Mandia.
FireEye stock rose almost 6% in late trading, to $14.90. 

Tech Earnings More

Image via Brave
With the release of Brave 1.19 today, Brave has become the first major browser maker to support IPFS, a peer-to-peer protocol meant for accessing decentralized or censored content.

Released in 2015, IPFS stands for InterPlanetary File System. It is a classic peer-to-peer protocol similar to BitTorrent and designed to work as a decentralized storage system.
Also: Best VPNs • Best security keys
IPFS allows users to host content distributed across hundreds or thousands of systems, which can be public IPFS gateways or private IPFS nodes. Users who want to access any of this content must enter an URL in the form of ipfs://{content_hash_ID}.
Under normal circumstances, users would download this content from the nearest nodes or gateways rather than a central server. However, this only works if users have installed an IPFS desktop app or a browser extension.
Brave says that with version 1.19, users will be able to access URLs that start with ipfs://, directly from the browser, with no extension needed, and that Brave will natively support ipfs:// links going forward.
Since some major websites like Wikipedia have IPFS versions, users in oppressive countries can now use Brave’s new IPFS support to go around national firewalls and access content that might be blocked inside their country for political reasons and is available via IPFS.

In addition, Brave also says that its users can also install their own IPFS node with one click with version 1.19 and help contribute to hosting some of the content they download to view.
A focus on privacy features
“We’re thrilled to be the first browser to offer a native IPFS integration with today’s Brave desktop browser release,” said Brian Bondy, CTO and co-founder of Brave. “Integrating the IPFS open-source network is a key milestone in making the Web more transparent, decentralized, and resilient.”
This marks the second decentralized browsing protocol that Brave now supports after integrating the Tor network and the Onion protocol in June 2018 in the form of a feature now known as “Tor Tabs.”
But Brave also said that work on its IPFS integration is also expected to expand in the coming future. The browser maker plans to support automatic redirects from DNSLink websites to their native IPFS versions, the ability to co-host an IPFS website, the ability to easily publish to IPFS, and more, in future versions.
Native IPFS support is just the latest in a long line of privacy-focused features that Brave has added to its product. Previous ones include support for a private video chat system, a built-in ad blocker, fingerprinting randomization, minimal telemetry, query parameter filtering, social media blocking, and others.
Brave, which launched in 2016 to great fanfare, is currently believed to have around 24 million monthly active users, after passing the 20 million mark last November. More

The Samsung Galaxy Z Fold 5 is last year’s model. June Wan/ZDNETNew Samsung Galaxy phones, watches, and even a smart ring are on the way — and if you reserve one now More

A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware. The BlackCat ransomware attack against the undisclosed organisation took place in March 2022 and has been detailed by cybersecurity researchers at Forescout who investigated the incident. 

BlackCat ransomware – also known as ALPHV – is becoming one of the most active ransomware groups currently, to the extent that the FBI has released an alert about it, warning how the group has compromised at least 60 victims around the world. SEE: Cybersecurity: Let’s get tactical (ZDNet special report)While BlackCat has a reputation for running a sophisticated ransomware operation, it was a simple technique that allowed malicious cyber criminals to gain initial access to the network – exploiting an SQL injection vulnerability in an internet-exposed unpatched and end-of-life SonicWall SRA appliance. A security patch has been available to fix the vulnerability since 2019, but it hadn’t been applied in this case, providing cyber criminals with an easy entry point into the network.  From there, the attackers were able to gain access to usernames and passwords, using them to gain access to ESXi servers, where the ransomware payload was ultimately deployed.  BlackCat deploys several techniques not used by other ransomware groups designed to make attacks successful. For starters, the ransomware is written in the Rust programming language, which is unusual for malware and makes it more difficult to detect and examine. The ransomware also uses a unique binary for each victim, based around information found in the target environment. The unique binary makes it more difficult to identify attacks as the code used in each campaign will be slightly different.  “A unique binary that is not general for each victim makes the detection harder,” Daniel dos Santos, head of security research at Forescout, told ZDNet.  In the case of the March 2022 incident, the attack was partially successful. BlackCat ransomware successfully encrypted servers and files, but the attack wasn’t able to spread to other parts of the network because it had been segmented. While the attackers could control one area of the network, they couldn’t move into other sections. “The segmentation was actually well done in this case and that’s why it was contained,” said dos Santos, who added that this attack using BlackCat ransomware-as-a-service appeared to have been carried out by a cyber criminal who was still learning how to conduct attacks properly. “The impression we got is that the affiliate that was running the actual malware wasn’t very experienced”. SEE: Google: We’re spotting more zero-day bugs than ever. But hackers still have it too easyHowever, despite the inexperience of the attacker, some servers were still infected with malware. While no ransom was paid, and the network segmentation reduced the impact of the attack, the whole incident could have been avoided if some basic cybersecurity hygiene advice had been followed. Those steps would have included applying the relevant security updates to fix a vulnerability that was first disclosed in 2019. “The biggest lesson here is patch the network infrastructure – whatever is facing the internet, it’s always important for it to be fully patched,” said dos Santos. It’s also recommended that organisations monitor their networks for external access from known IP addresses or unusual patterns of behavior. In addition, businesses should backup their servers regularly. Then, if something happens, the network can be restored to a recent point without needing to pay a ransom. MORE ON CYBERSECURITY More

I like the idea that users can take back control of their data in a variety of ways, and I really like the fact that my web search results are not being used to direct ultra-targeted ads toward me.
Xayn
I have been using DuckDuckGo for a while now, have used Presearch when I use Chrome as a browser, and Startpage is my search tab on my Edge browser.
Recently I have been having a look at Germany-based tech startup Xayn’s app for my Android device.
It is based on research in privacy-protecting AI and stands for transparency and ethical AI made in Europe.
The app lets you have control over its search algorithms.
By swiping left or right on the results, you can influence what results are displayed and can teach the algorithms which results you want to see more of in the future.
Its AI model is a quantized tiny multilingual Sentence-BERT optimized for mobile to understand the natural language of queries of the words you used in your query as well as in the results.

Then it uses an unsupervised clustering model to group these points into different clusters of interest — for example, sports or arts.
It then calculates the distance to the clusters to reduce the computational cost in the future.
A third model called ListNet analyzes the history of search interactions to understand which types of domain you like — for example, Wikipedia instead of Instagram
Search companies want to know as much as possible about you so that they can control the results that are delivered to you.
The problem is that to get the most accurate search results, users have to compromise their privacy. Xayn keeps its data completely with the user.
With Xayn, users can customize features such as turning AI on to deliver unique search results and can turn it off if they do not want the feature.

Xayn
The app gives you a one-hand control and zero-click search to make it easy to use. Collect, store, and sort through your favorite web content so that you do not lose any information.
Your home screen shows your own personal feed of the web, determined by your search history.
Leif Nissen Lundbæk, co-founder and CEO at Xayn, said: 

“I’ve always hated having to choose between privacy and convenience when searching online.
I also found it creepy that I didn’t know why certain results were shown to me by the algorithms. Despite all that, I was still using established search giants, because I lost too much time finding what I was looking for with the privacy alternatives.”

The only challenge I can see with Xayn is that users might swipe away all of the news articles that do not match their fundamental beliefs.
There is a risk of the app displaying ever more right-wing or left-wing content over time. Users prefer to see the types of articles they like and form a ‘bubble of belief’ to validate their choice.
A really clever AI will be able to solve this issue one day — but, for now, this neat customizable app will deliver exactly the results you want to see with the privacy you need. More