Skip to main content

81% of VC firms don’t have a single black investor — BLCK VC plans on changing that

Venture capital has a diversity problem . BLCK VC , a new organization founded by Storm Ventures associate Frederik Groce and NEA associate Sydney Sykes to connect, engage and advance black venture capitalists, is ready for a new era in the industry. Their mission: Turn 200 black investors into 400 black investors by 2024. “We think of ourselves as an organization formed by black VCs for blacks VCs to increase the representation of black investors,” Sykes told TechCrunch. “You can look around and say well ‘I know five black VCs,’ but you can also say this firm does not have a single black VC, they may not even have a single underrepresented minority … We want to make firms reckon with the fact that there is a racial diversity problem; there is a lack of black VCs and every firm should really care about it.” BLCK VC has been at work since the beginning of 2018, building and expanding a network of black investors in the San Francisco area, Los Angeles and New York. They seek to provide a...
Post a Comment

Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds

It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps, which if exploited could have given an attacker unfettered access to a drone owner’s account.


The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to a DJI users’ cloud stored data, including drone logs, maps, any still or video footage — and live feed footage through FlightHub, the company’s fleet management system — without the user’s knowledge.


Taking advantage of the flaw was surprisingly simple — requiring a victim to click on a specially crafted link. But in practice, Check Point spent considerable time figuring out the precise way to launch a potential attack — and none of them were particularly easy.


For that reason, DJI called the vulnerability “high risk” but “low probability,” given the numerous hoops to jump through first to exploit the flaw.


“Given the popularity of DJI drones, it is important that potentially critical vulnerabilities like this are addressed quickly and effectively,” said Oded Vanunu, Check Point’s head of products vulnerability research.


A victim would have had to click on a malicious link from the DJI Forum, where customers and hobbyists talk about their drones and activities. By stealing the user’s account access token, an attacker could have pivoted to access the user’s main account. Clicking the malicious link would exploit a cross-site scripting (XSS) flaw on the forum, essentially taking the user’s account cookie and using it on DJI’s account login page.


The researchers also found flaws in DJI’s apps and its web-based FlightHub site.


By exploiting the vulnerability, the attacker could take over the victim’s account and gain access to all of their synced recorded flights, drone photos, and more. (Image: Check Point)



Check Point reached out in March, at which time DJI fixed the XSS flaw in its site.


“Since then, we’ve gone product-by-product through all the elements in our hardware and software where the login process could have been compromised, to ensure this is no longer an easily replicable hack,” said DJI spokesperson Adam Lisberg.


But it took the company until September to roll out fixes across its apps and FlightHub.


The good news is that it’s unlikely that anyone independently discovered and exploited any of the vulnerabilities, but both Check Point and DJI concede that it would be difficult to know for sure.


“While no one can ever prove a negative, we have seen no evidence that this vulnerability was ever exploited,” said Lisberg.


DJI heralded fixing the vulnerability as a victory for its bug bounty, which it set up a little over a year ago. Its bug bounty had a rocky start, after the company months later threatened a security researcher, who “walked away from $30,000” after revealing a string of emails from the company purportedly threatened him after finding sensitive access keys for the company’s Amazon Web Services instances.


This time around, there was nothing but praise for the bug finders.


“We applaud the expertise Check Point researchers demonstrated through the responsible disclosure of a potentially critical vulnerability,” DJI’s North America chief Mario Rebello said.


Good to see things have changed.

Labels:

Comments

Post a Comment

Popular posts from this blog

LIST OF APPROVED COURSES OFFERED IN EASTERN PALM UNIVERSITY (EPU)

Listed below is the Approved NUC Courses Offered in Eastern Palm University (EPU) Ogboko Imo State.   The Eastern Palm University (EPU) is a University established by law (Imo State of Nigeria Law No. 13 of 2016). It was licensed by the NUC (National Universities Commission) in 2016. The university aims to be a world class university anchored on excellence and research needs of all relevant persons, irrespective of gender, nationality, religion or political conviction. The University is structured as a Public/Private Partnership (PPP) model of university.     Admission Requirements The Eastern Palm University (EPU) requires the following for admission into its programmes/courses Applicant must have five credit passes in relevant subjects, at not more two sittings, which must include English language and Mathematics at Ordinary Level (SSCE or NECO) or equivalent qualification from a country that requires other types of end of secondary school exit examinations or standardized ...
Post a Comment
Read more

LIST OF APPROVED COURSES OFFERED IN FEDERAL UNIVERSITY BIRNIN KEBBI (FUBK)

We have gathered the Full lists of Approved Courses Offered in Federal University Birnin Kebbi   The Federal University Birnin-Kebbi (FUBK) was established on 18th February, 2013 alongside those of Gusau and Gashua by the Federal Republic of Nigeria under the leadership of Goodluck Ebele Jonathan, GCFR, in line with policy of the Government for establishing a Federal University in states that did not have one across the federation.     Read also: LIST OF ACCREDITED COURSES OFFERED IN UNIVERSITY OF JOS (UNIJOS) Professor Lawal Suleiman Bilbis, FNSMB, a Professor of Biochemistry and former Deputy Vice Chancellor Academic at Usmanu Danfodiyo University, Sokoto was appointed as the pioneer Vice Chancellor of the University while Ibrahim Abubakar Mungadi, FCAI, was appointed as the Registrar. Academic activities began in November, 2014 for the 2014/2015 academic session with a students’ population of 507 and academic staff strength of 102. Accordingly, maiden and second matriculati...
1 comment
Read more

LIST OF APPROVED COURSES OFFERED IN OSUN STATE POLYTECHNIC IREE

We have gathered the list of Approved Courses Offered in Osun State Polytechnic Iree The management of the institution has released an update on the lists of Approved Courses offered in Osun State University Iree.            Osun State Polytechnic, Iree also known as OSPOLY is a tertiary learning institution in Iree, Osun State, Nigeria. The Polytechnic was formerly a satellite campus of The Polytechnic, Ibadan. It became autonomous on 12 October 1992 when the Governor of Osun State, Alhaji, Isiaka Adeleke, signed the law establishing the institution alongside The Osun State College of Technology located at Esa-Oke in Osun State. Osun State Polytechnic Iree also has Daily Part Time Program (DPT) which is located at Koko campus. Dont Miss: LIST OF APPROVED COURSES OFFERED IN LAGOS STATE POLYTECHNIC (LASPOTECH)   Admission Requirements All Candidate seeking admission in Osun State Polytechnic must posses the below listed requirements Candidate must meet Osun state Polytechnic...
Post a Comment
Read more