August 1, 2024 at 11:14AM Lee Klarich of Palo Alto Networks emphasizes the increasing threat of AI-powered cyber attacks and the importance of real-time response. The company’s Precision AI technology is integrated across platforms, enabling more efficient threat detection and prevention. Case studies show how AI helps to automate threat detection and response across large … Read more
July 30, 2024 at 11:36AM Phil Venables, Google Cloud’s CISO, shares insights on their mission to secure cloud infrastructure, products, and services, and improve overall ecosystem security. He discusses the complexities and optimism around the state of cybersecurity, emphasizing the need for security to be built in, not bolted on, and government initiatives for secure-by-design … Read more
July 29, 2024 at 10:06AM Black Hat USA 2024 offers valuable insights for cybersecurity professionals. Despite the AI trend, vulnerability remediation remains a key focus. Sessions cover Amazon Web Services vulnerabilities, Microsoft’s use of large language models, CI/CD runner security risks, Google Cloud Platform vulnerabilities, and more. Emphasizes the need for proactive security culture and … Read more
July 29, 2024 at 02:09AM Threat actors exploit a misconfiguration in Selenium Grid to deploy XMRig for mining Monero. With over 100 million pulls on Docker Hub, the open-source framework allows testing across various environments. Wiz researchers discovered a year-long “SeleniumGreed” attack due to Selenium Grid’s lack of default authentication. Attackers gain remote access via … Read more
July 27, 2024 at 02:00AM Cybersecurity researchers found a malicious package “lr-utils-lib” on the Python Package Index, targeting specific Apple macOS systems to steal Google Cloud credentials. It checks for macOS, compares UUID against hardcoded hashes, and harvests Google Cloud data. The captured info is sent to a remote server. Social engineering tactics suggest a … Read more
July 26, 2024 at 02:30AM Cybersecurity researchers have identified an ongoing campaign known as SeleniumGreed, targeting internet-exposed Selenium Grid services for illicit cryptocurrency mining. With the potential for remote command execution, Cloud security Wiz urges proper protection measures, as misconfigured instances pose significant security risks. The threat actor’s identity remains unknown, emphasizing the need for … Read more
July 25, 2024 at 06:10AM Researchers have identified a privilege escalation vulnerability, named ConfusedFunction, in Google Cloud Platform’s Cloud Functions service, enabling unauthorized access to other services and sensitive data. The issue with Cloud Build service account permissions, exposed by Tenable, has been addressed by Google, although existing instances remain unaffected. Other cloud providers have … Read more
July 24, 2024 at 03:01PM Zest Security, founded in November 2023, secured $5 million funding and offers an AI-powered platform for managing cloud security risks. CEO Snir Ben Shimol highlights the challenge of lengthy manual risk remediation. The platform aims to rapidly mitigate risks using existing cloud controls and then aid in triaging and providing … Read more
July 24, 2024 at 03:01PM Israeli startup Dazz secures a $50 million investment to advance its AI-driven risk prioritization and remediation technology. With a total of $110 million raised, the company aims to revolutionize vulnerability management through automation and root-cause analysis. Dazz intends to empower security and engineering teams with its Unified Remediation Platform, led … Read more
July 23, 2024 at 10:39AM Wiz has declined Alphabet’s $23 billion takeover bid, opting instead for an IPO and aiming for $1 billion in annual recurring revenue. Regulatory concerns may have played a part, given Google’s antitrust scrutiny. The cybersecurity firm, valued at $12 billion, has raised $1.9 billion in funding and acquired Gem Security, … Read more