One Year Later: Log4Shell Remediation Slow, Painful Slog

Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world.

Investors Bet $31 Million on Sphere for Identity Hygiene Tech

Venture capital investors have invested another $31 million into Sphere Technology Solutions, a New Jersey startup building technology to help defenders manage identities and access to sensitive data.

Project Zero Flags ‘Patch Gap’ Problems on Android

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices.

Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse

Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors.

US Gov Issues Software Supply Chain Security Guidance for Customers

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) this week released the last part of a three-part joint guidance on securing the software sup…

Palo Alto to Acquire Israeli Software Supply Chain Startup

Cybersecurity powerhouse Palo Alto Networks on Thursday announced plans to spend $195 million in cash to acquire Israeli startup Cider Security, a deal that adds software supply chain security capabilities to its Prisma Cloud platform.

US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j

The U.S. government on Wednesday issued a blunt recommendation for organizations running VMware Horizon servers: Initiate threat-hunting activities to find and expel Iranian APT actors that used the Log4j crisis to slip undetected into corporate networ…

Akeyless Raises $65 Million for Secrets Management Tech

Israeli early-stage startup Akeyless has banked a whopping $65 million in venture capital funding to build technology to help businesses manage credentials, certificates, keys and other secrets flowing through multi-cloud environments.