DefectDojo Raises $7 Million for Application Security Platform

September 25, 2024 at 10:42AM
DefectDojo, an application security firm based in Austin, Texas, raised $7 million in Series A funding. The company’s open source platform automates security workflows, aggregates data from various tools, and offers vulnerability management capabilities. The funds will support innovation, product development, and market expansion while maintaining a commitment to its …

Cloud-Native Network Security Up 17%, Hardware Down 2%

September 13, 2024 at 02:05PM
Dell’Oro Group’s 2Q 2024 Network Security Report shows a 6% Y/Y growth in the Network Security market, reaching $5.9 billion. Cloud-native security solutions and virtual firewalls drove the growth, but hardware-based solutions declined. Infrastructure Security reached $5 billion, with SSE revenue growing to nearly $1.5 billion. WAF revenue rose 18%, …

Wiz Launches Wiz Code Application Security Tool

September 11, 2024 at 12:04AM
Wiz launched Wiz Code, a cloud app security product that identifies and resolves cloud risks in code before they become critical issues. It integrates with developer environments, highlighting security issues and providing fix suggestions. Wiz Code aims to enhance collaboration between security and development teams by aligning issues with their …

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

September 3, 2024 at 12:54AM
Eight vulnerabilities found in Microsoft applications for macOS could allow an adversary to gain elevated privileges or access sensitive data. By exploiting the Transparency, Consent, and Control (TCC) framework, an attacker could leverage affected applications, circumventing user consent. The vulnerabilities impact apps like Outlook, Teams, Word, and Excel. Measures like …

New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer

August 22, 2024 at 11:18AM
Israeli cybersecurity company Miggo has discovered a vulnerability named “ALBeast” impacting up to 15,000 Amazon Web Services’ (AWS) Application Load Balancer (ALB) users. The issue allows attackers to bypass authentication controls, potentially compromising exposed cloud applications. Amazon has updated its authentication documentation and recommends implementing additional security measures to mitigate …

Google Play Bug Bounty Program Shutting Down

August 21, 2024 at 11:00AM
Google is discontinuing its Google Play Security Reward Program (GPSRP) after achieving its goal of increasing Android OS security. Bug submissions will be accepted until August 31, 2024, with final rewards decided by September 30. The program has incentivized developers to improve their app security, paying out a total of …

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue

August 21, 2024 at 08:54AM
Miggo has identified a critical configuration issue in AWS’s Application Load Balancer, potentially impacting 15,000 vulnerable apps. Referred to as ALBeast, the attack involves forging tokens and exploiting the ALB configuration to bypass authentication and authorization. Businesses are advised to validate token signers and restrict traffic to mitigate these threats. …

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities

August 20, 2024 at 08:24AM
Cisco discovered vulnerabilities in multiple Microsoft applications for macOS, including Outlook, Teams, PowerPoint, OneNote, Excel, and Word. Attackers could exploit these flaws to bypass system permissions, allowing unauthorized activities such as sending emails, recording audio or video, and accessing sensitive information. Microsoft acknowledges the bugs but considers them low risk, …

Anatomy of an Attack

August 20, 2024 at 06:40AM
The article discusses the evolving cyber threat landscape and the importance of understanding and mitigating these threats, using the Log4Shell vulnerability as an example. It explores the mechanics of the attack and the value of Application Detection and Response (ADR) technology in safeguarding against such sophisticated attacks. The article also …

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

August 16, 2024 at 12:39PM
A recent extortion campaign targeted organizations by exploiting publicly accessible .env files with cloud and social media credentials. The attackers used AWS environments to scan over 230 million targets, compromised over 90,000 unique variables, and conducted phishing and ransom activities. The campaign demonstrated advanced cloud knowledge, evasion techniques, and financial …