Cyber Landscape is Evolving – So Should Your SCA

June 7, 2024 at 08:06AM Summary: Traditional Software Composition Analysis (SCA) tools struggle to provide comprehensive security for software supply chains, leading to alert fatigue and leaving organizations vulnerable. Myrror Security’s guide offers insights into the limitations of current SCA tools and the features needed in future software supply chain security solutions to combat emerging …

Understanding Security’s New Blind Spot: Shadow Engineering

June 6, 2024 at 10:02AM Summary: Citizen developer applications, enabled by low-code/no-code technology, pose security risks known as “shadow engineering.” Despite potential benefits, these apps bypass traditional security measures, leaving organizations vulnerable. To mitigate the risks, it is crucial to apply traditional security principles to these apps, empower citizen developers, enforce compliance, and monitor regularly. Based on the …

Notable Capital Launches Rising in Cyber to Spotlight Promising Cybersecurity Startups

June 5, 2024 at 03:45PM Notable Capital announced the “Rising in Cyber” list, recognizing 30 leading cybersecurity companies chosen by CISOs and startup investors. The honorees collectively raised over $6 billion, with categories for early, mid, and growth-stage companies. The list reflects the crucial role of innovative startups in addressing cybersecurity challenges. Key innovation drivers identified …

Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

May 20, 2024 at 04:04PM A severe memory corruption vulnerability named “Linguistic Lumberjack” has been found in the popular cloud logging tool Fluent Bit, impacting numerous major cloud service providers and organizations. The bug, tracked as CVE-2024-4323, enables denial of service, data leakage, and remote code execution. Maintainers have released a fix, urging prompt updates or …

SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

May 14, 2024 at 11:03AM SAP released 14 new and three updated security notes for May 2024 Security Patch Day. Two new and one updated note are of highest severity, addressing critical flaws in Business Client, CX Commerce, and NetWeaver. These include vulnerabilities such as CSS injection and remote code execution. SAP advises customers to …

LLMs & Malicious Code Injections: ‘We Have to Assume It’s Coming’

May 6, 2024 at 06:29PM Prompt injection engineering in large language models (LLMs) poses a significant risk to organizations, as discussed during a CISO roundtable at RSA Conference in San Francisco. CISO Karthik Swarnam warns of inevitable incidents triggered by malicious prompting, urging companies to invest in training and establish boundaries for AI usage in …

Synopsys Sells Software Integrity Business in $2.1 Billion Deal

May 6, 2024 at 11:09AM Synopsys is selling its Software Integrity Group to private equity firms Clearlake Capital and Francisco Partners in a $2.1 billion deal. The business will become an independent application security testing software provider with the existing management team leading the new company. Synopsys plans to focus on its core design and …

Apache Cordova App Harness Targeted in Dependency Confusion Attack

April 23, 2024 at 11:28AM Researchers have found a vulnerability in the archived Apache project Cordova App Harness, leading to dependency confusion attacks. Over 49% of organizations are vulnerable. Despite npm’s efforts to fix the issue, the Cordova App Harness project remains at risk. The discovery emphasizes the importance of addressing vulnerabilities in third-party projects …

Miggo Launches Application Detection and Response (ADR) Solution

April 19, 2024 at 04:06PM Miggo, a cybersecurity startup, secured $7.5 million in seed funding for its Application Detection and Response (ADR) platform. It addresses critical blind spots in application security and aims to detect and respond to targeted attacks in real-time, particularly in the era of distributed application architecture. YL Ventures led the funding …

NightVision Raises $5.4 Million for Application Security Testing

April 15, 2024 at 11:06AM NightVision, a US-based startup founded in 2022, raised $5.4 million in seed funding from angel investors. The company focuses on application security testing, aiding in the identification and resolution of software security vulnerabilities early in the development lifecycle. Its technology simulates attacks, integrates with development workflows, and enables secure development …