OpenSSF Project Hunts for Malware Code in Open Source Repositories

Veza Emerges From Stealth With $110 Million in Funding

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 04.29.22 Friday, April 29, 2022 The Password Manager Built for Enterprise Protect your organization's passwords, credentials and secrets with zero-trust and zero-knowledge security. Try Keeper Free for 14 Days How Linux Became the New Bullseye for Bad Guys Linux is becoming a more popular target for attackers as it operates the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications. Read the Full Column by Derek Manky Overcoming Cybersecurity Recruiting Challenges With the labor market for cybersecurity pros being extremely tight, the old ways of recruiting are rife with weaknesses and biases, while the urgency to recruit people is intense. Read the Full Column by Jeff Orloff Achieving Sustainable Cybersecurity Through Proper Care and Feeding It's time to step back and look at the role of the IT industry in developing, deploying, maintaining, growing and eventually, sustainably retiring technology and solutions. Read the Full Column by Laurence Pitt Defending Your Business Against Russian Cyberwarfare In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organizations to prepare and implement more robust defenses. Read the Full Column by Landon Winkelvoss Why Ransomware Response Matters More Than Protection Organizations need to look beyond preventive measures when it comes to dealing with today's ransomware threats and invest in ransomware response, which improves their ability to prepare and quickly recover endpoints from ransomware attacks. Read the Full Column by Torsten George When Attacks Surge, Turn to Data to Strengthen Detection and Response As threat actors continue to evolve their TTPs to take advantage of crises and outbreaks, the intelligence sources and information sharing mechanisms available to help will become even more important. Read the Full Column by Marc Solomon Today's Network Is Different, Not Dead - Here's How You Secure It Security systems can struggle to keep up when networks are in a constant state of flux—optimizing connections, redirecting workflows, adding new edges or endpoints, or scaling to meet shifting demands. Read the Full Column by John Maddison When Is It Right to Stay Silent? If you know for a fact that a person or group has poor intentions, it may make sense to begin documenting and reporting nefarious activity you observe from them. Read the Full Column by Joshua Goldfarb Economic Warfare: Attacks on Critical Infrastructure Part of Geopolitical Conflict" The biggest advantage defenders have as the nature of the conflict and strategies evolve, is to know their networks better than the adversary. Read the Full Column by Galina Antova Think Like a Criminal: Knowing Popular Attack Techniques to Stop Bad Actors Faster Analyzing the attack goals of adversaries is important to be able to better align defenses against the speed of changing attack techniques. Read the Full Column by Derek Manky Healthcare and the Other CIA Obfuscation technology creates a path to data and applications residing in commercial clouds that cannot be traced, and can be helpful for healthcare data security. Read the Full Column by Gordon Lawson The Importance of Open Source to an XDR Architecture XDR architecture must be broad and deep so that organizations can get the most value out of their existing best-of-breed security solutions, including their free, open-source tools. Read the Full Column by Marc Solomon The Password Manager Built for Enterprise Protect your organization's passwords, credentials and secrets with zero-trust and zero-knowledge security. Try Keeper Free for 14 Days See All Recent Articles at SecurityWeek.Com New OpenSSF Project Hunts for Malicious Packages in Open Source Repositories: OpenSSF introduces the Package Analysis project, a novel effort aimed at securing popular open source packages. Read More Fleet Raises $20M for Endpoint Visibility Technology: Endpoint visibility technology vendor Fleet attracted $20 million in new funding at a valuation in the range of $100 million. Read More Sabanci Group Acquires Majority Stake in OT Security Firm Radiflow for $45 Million> Turkey-based industrial and financial conglomerate Sabanci Group has signed an agreement to acquire a majority stake in OT cybersecurity company Radiflow for $45 million. Read More Internet-Exposed Servers Affected by Exploited Redis Vulnerability: Rapid7 security researchers identified 2,000 Linux servers accessible without authentication that are impacted by a recent Redis vulnerability. Read More Synology, QNAP, WD Warn Users About Vulnerabilities Exploited at Hacking Contest: Synology, QNAP and WD have warned their customers about several critical Netatalk vulnerabilities that have been exploited at a recent hacking contest. Read More Google Adds Ways to Keep Personal Info Private in Searches: Google will let people request that more types of content such as personal contact information like phone numbers, email and physical addresses be removed from search results. Read More Data Security Firm Veza Emerges From Stealth With $110 Million in Funding: Veza announces $110 million in funding from major venture firms and angel investors. Read More Microsoft Warns of 'Nimbuspwn' Security Flaws Haunting Linux: Researchers at Microsoft find a way to exploit for a pair of privilege escalation flaws to plant a root backdoor on Linux systems. Read More 1.2 Million Bad Apps Blocked From Reaching Google Play in 2021: Google said it prevented 1.2 million bad apps from reaching Google Play in 2021, but cybercriminals continue finding ways to deliver their malware via the app store. Read More Synopsys to Acquire White Hat Security in $330M All-Cash Deal: Synopsys is expanding its reach into the cybersecurity business with plans to shell out $330 million to acquire White Hat security. Read More Cisco Patches 11 High-Severity Vulnerabilities in Security Products: Cisco resolves 19 vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). Read More Critical Vulnerabilities in Azure PostgreSQL Exposed User Databases: Cloud security company Wiz details ExtraReplica, a series of critical Azure PostgreSQL vulnerabilities that could have been exploited to access user databases. Read More National Cybersecurity Agencies List Most Exploited Vulnerabilities of 2021: Cybersecurity agencies in the US, Canada, UK, Australia and New Zealand said the most commonly exploited vulnerabilities of 2021 included Log4Shell, ProxyLogon, and ProxyShell. Read More Cloudflare Customer Targeted in Record HTTPS DDoS Attack: Cloudflare says it mitigated a 15.3 million request-per-second (RPS) distributed denial of service (DDoS) attack carried out over HTTPS. Read More A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers: Russia's relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection. Read More IETF Publishes RFC 9116 for 'security.txt' File: The Internet Engineering Task Force (IETF) has published RFC 9116 for the security.txt file, whose goal is to aid vulnerability disclosures. Read More Over 300,000 Internet-Exposed Databases Identified in 2021: In the first quarter of 2022, Group-IB security researchers identified over 91,000 publicly-facing databases. Read More Russia Coordinating Cyberattacks With Military Strikes in Ukraine: Microsoft: Microsoft said that in "hybrid" warfare tactics, Russia often matches cyberattacks with military assaults on the battlefield. Read More Privacy Enhancing Tech Startup Enveil Bags $25 Million Investment: Enveil, an early-stage startup tackling the 'holy grail' of data encryption, has banked another $25 million in venture capital funding. Read More Watch: The Four Stages of Zero Trust Maturity: Join this webinar to learn the four stages of Zero Trust maturity and how to get fast wins while working toward fully adaptive, context- and risk-aware Zero Trust baked into your IT, security and business ecosystems. Read More Risk Intelligence Company Strider Raises $45 Million: Strider closes a $45 million Series B funding round led by Valor Equity Partners. Read More Internet Outages in French Cities After Cable 'Attacks': Operator: Internet and phone services were down or running slowly in several French cities on Wednesday after fibre optic cables were cut overnight in suspected attacks on the crucial data infrastructure, telecom operators said. Read More Can Elon Musk Spur Cybersecurity Innovation at Twitter?: News analysis: Elon Musk's stated mission to "authenticate all humans" and defeat the spam bots on Twitter could spur cybersecurity tech innovation around identity, multi-factor authentication and botnet detection. Read More Chinese Cyberspies Targeting Russian Military: State-sponsored cyberespionage group Mustang Panda starts targeting Russian military as Chinese interests shift towards the Russian-Ukraine war. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2022 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Our Privacy Policy | Constant Contact Data Notice Sent by news@securityweek.com