Click Security company logo

The profile is currenly unclaimed by the seller. All information is provided by CB Insights.

clicksecurity.com

Stage

Acquired | Acquired

Total Raised

$24.7M

About Click Security

Click Security's cybersecurity solutions go beyond traditional security defenses, such as firewalls, anti-virus software and intrusion prevention systems, to find and halt attacks. The company provides real-time security analytics that enable businesses to detect subtle changes in behavior that are often the signs of an advanced attack.

Click Security Headquarter Location

6500 River Place Blvd Building 1, Suite 350

Austin, Texas, 78730,

United States

512-637-8500

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Expert Collections containing Click Security

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Click Security is included in 1 Expert Collection, including Cybersecurity.

C

Cybersecurity

4,925 items

Click Security Patents

Click Security has filed 7 patents.

patents chart

Application Date

Grant Date

Title

Related Topics

Status

2/26/2016

2/5/2019

Computer network security, Computer security, Identity management, Data security, Data management

Grant

Application Date

2/26/2016

Grant Date

2/5/2019

Title

Related Topics

Computer network security, Computer security, Identity management, Data security, Data management

Status

Grant

Latest Click Security News

Another MacOS Bug Lets Hackers Invisibly Click Security Prompts

Jun 3, 2019

Synthetic clicks—clicks generated by a program rather than a human finger on a mouse or trackpad—have long been a useful tool for automation as well as accessibility for disabled users. To block malicious use of synthetic clicks, MacOS requires any application that uses them to be added by the user to an approved list. But Apple-focused blogger Howard Oakley found in November that there are some exceptions to this rule, included by default on MacOS systems. This short, strange list of applications—including some versions of VLC, Adobe Dreamweaver, Steam, and other programs—can use synthetic clicks without requiring the user's pre-approval. Wardle read Oakley's post that pointed to the list in April. Within an hour of discovering it, Wardle says he figured out a way to trick MacOS into treating his own malware as a part of the white list. Due to an error in how Apple implemented code signing for that list—a feature that checks if the code of an application has been signed with a legitimate cryptographic key to prove its identity—Wardle found he could simply modify an approved program like VLC to include his malware. Despite the code modifications, MacOS would verify that his program was a copy of VLC and allow it to generate clicks at will. "It's like doing an ID check, but not checking the validity of the ID, just checking the name on it," Wardle says. "Because Apple has messed up the verification, they don’t detect that I've modified and subverted VLC, so they allow my synthetic click. So I can bypass all of these new Mojave privacy measures." Although the "allow" or "deny" security prompt would still appear briefly on the screen before a synthetic click dismissed it, Wardle points out that his malware can also dim the screen so that the computer appears to be sleeping. That means he can carry out a synthetic click attack without the prompt ever becoming visible to the user. WIRED reached out to Apple for comment on the new synthetic click vulnerability Wardle discovered, but the company hasn't yet responded. Wardle concedes that his exploit by itself doesn't allow a remote attacker to hack a Mac across the internet. The attacker would need to already have remote access to a victim machine or have installed a malicious application. But if a hacker can gain that initial foothold, say, with a malicious attachment in a phishing email or another common technique, it could allow malware to expand its access much deeper into a target system. In the worst-case scenario, Wardle's synthetic clicks could be used to install a so-called kernel extension, an alteration to the operating system's kernel for which MacOS requires the user to click "allow." Kernel extensions—like drivers in Windows—have to be cryptographically signed by a legitimate developer to be installed in MacOS. But hackers have in some cases installed a legitimate kernel extension that contains a security flaw, and then used that flaw to gain full access to the deepest recesses of a target machine. "If you can infect the kernel, you can see everything, bypass any security mechanism, hide processes, sniff user keystrokes," Wardle explained when he described another synthetic click attack to WIRED last year . "It’s really game over." The bug in Mojave that Wardle revealed yesterday marks the third time he's exposed a flaw in Apple's safeguards against synthetic clicks. In earlier research, he's shown that while MacOS tried to block synthetic clicks on security prompts, his malware could click through them by using an obscure feature called "mouse keys" that essentially allows mouse control via the keyboard. Apple patched this hack, but a few months later, Wardle found that he could circumvent the patch with an even stranger technique . A synthetic click includes two commands, a "down" click and an "up" click, just as with a physical mouse. Wardle discovered that two "down" commands was also somehow interpreted as a click, but it wasn't subject to the same safeguards. Using that allowed him to click through the security prompt blocking a kernel extension. Wardle says he told Apple about his latest attack just a week before revealing it—hardly enough time, he admits, for the company to patch it. But after seeing so many repeated errors, he’s frustrated with Apple’s carelessness and wanted to apply more pressure by dropping the unpatched bug in public. "My approach of responsible disclosure isn't working at all," he says. "So I'm trying an alternate route to inspire Apple." Apple's ongoing failure to fix bugs in the same security mechanism—one it even featured onstage at WWDC—points, he says, to more deep-seated problems in the company’s approach to security. "Why aren’t they auditing this code before releasing it? Especially when they’re getting up on stage and touting all these security features that are essentially worthless," Wardle says. "If you don’t do a good job with the implementation, all of it is just marketing." More Great WIRED Stories

  • Where is Click Security's headquarters?

    Click Security's headquarters is located at 6500 River Place Blvd, Austin.

  • What is Click Security's latest funding round?

    Click Security's latest funding round is Acquired.

  • How much did Click Security raise?

    Click Security raised a total of $24.7M.

  • Who are the investors of Click Security?

    Investors of Click Security include Alert Logic, Sequoia Capital, Lightspeed Venture Partners and Citi Ventures.

  • Who are Click Security's competitors?

    Competitors of Click Security include Mandiant and 4 more.

You May Also Like

CounterTack Logo
CounterTack

CounterTack+GoSecure is a provider of Predictive Endpoint Detection and Response, Next Gen Antivirus and Insider Threat Detection, which meets Gartner's updated definition for Endpoint Protection Platform (EPP) for the enterprise. The Platform delivers multi-vector detection, prevention, and response by applying a unique combination of behavioral analysis, memory forensics, machine learning, and reputational techniques to counter advanced threats. Powered by the Platform, CounterTack+GoSecure also offers a full spectrum of managed cybersecurity services, integrating EDR, SIEM, NextGen firewalls, IPS, vulnerability assessment and patch management. Its Advanced Response Centre (ARC) provides Threat Hunting, Active Threat Mitigation and Incident Response services.

SparkCognition Logo
SparkCognition

SparkCognition builds AI solutions for applications in energy, oil and gas, manufacturing, finance, aerospace, defense, and security. SparkCognition's products include Darwin for automated model building, DeepArmor for AI-built cybersecurity, SparkPredict, an analytics solution, and DeepLNP, a natural language processing solution.

Source Defense Logo
Source Defense

Source Defense is a real-time SAAS solution that protects online websites from attacks originating from third-party scripts. It uses a real-time sandbox isolation technology to provide a client-side website security solution focused on preventing malicious activity originating from website supply chain vendors. The company was founded in 2014 and is based in Rosh-Ha’ayin, Israel.

Cybereason Logo
Cybereason

Cybereason develops software that aims to better track the actions of would-be cyber attackers. The Cybereason automated platform collects subtle clues by learning to discern anomalies and distinguish between the benign and pernicious. This data is then analyzed using Big data algorithms and proprietary knowledge enriched with external intelligence.

Lacework Logo
Lacework

Lacework is a late-stage technology firm that develops a complete security platform for the entire IT infrastructure, from DevOps and orchestration environments to cloud and hybrid workloads. Lacework is designed to self-adapt to the cloud's ever-changing configurations to provide visibility and intrusion detection that helps enterprises keep their data and resources safe. The firm serves a wide variety of industries that require intrusion detection. Lacework was founded in 2015 and is based in San Jose, California.

Recorded Future Logo
Recorded Future

Recorded Future delivers threat intelligence powered by patented machine learning to significantly lower risk, empowering organizations to reveal unknown threats before they impact business, and enable teams to respond to security alerts faster.

Discover the right solution for your team

The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.

Request a demo

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.