SolarWinds Patches Critical Vulnerabilities in Access Rights Manager

July 19, 2024 at 07:01AM SolarWinds released security updates for Access Rights Manager, resolving 13 vulnerabilities, including eight critical-severity bugs. Six critical flaws could be exploited for remote code execution, while the remaining two could allow attackers to read and delete arbitrary files. Five high-severity issues were also addressed, impacting domain admin access and arbitrary …

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

July 18, 2024 at 06:27AM Cybersecurity researchers discovered five vulnerabilities in the SAP AI Core platform, making unauthorized access and data theft possible. With responsible disclosure, SAP addressed the weaknesses, preventing potential misuse. The findings coincide with increased enterprise use of generative AI and the emergence of a new cybercriminal threat group, NullBulge, targeting AI and …

Orgs Are Finally Making Moves to Mitigate GenAI Risks

July 17, 2024 at 12:08PM Enterprise security teams are increasingly addressing the risks associated with the use of AI-enabled applications. An analysis by Netskope found that organizations are implementing controls such as blocking policies and data loss prevention tools to protect against the sending of sensitive data to AI apps. The focus is now shifting …

Google in Advanced Talks to Buy Wiz for $23B: WSJ Report

July 14, 2024 at 03:42PM Alphabet, Google’s parent company, is close to acquiring cybersecurity startup Wiz for approximately $23 billion, potentially its largest acquisition. Wiz, an Israeli company, offers cloud security software, and the acquisition would strengthen Alphabet’s cybersecurity portfolio, including recent acquisitions like Mandiant and Siemplify. This move aligns with Google’s strategy to expand …

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

July 11, 2024 at 11:49AM Palo Alto Networks has released security updates to address several vulnerabilities in its products, including a critical bug impacting the Expedition migration tool, allowing an admin account takeover. Another flaw named BlastRADIUS could enable privilege escalation in certain PAN-OS firewall versions. Users are advised to update to the latest versions …

Odaseva Raises $54 Million for Salesforce Enterprise Data Security Platform

July 3, 2024 at 09:57AM Odaseva, a Salesforce enterprise data security platform, has secured $54 million in Series C funding, bringing their total funding to over $90 million. The investment, led by Silver Lake Waterman and supported by other investors, will be used to enhance product development, expand global presence, and strengthen the executive team. …

Splunk Patches High-Severity Vulnerabilities in Enterprise Product

July 2, 2024 at 09:22AM Splunk announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. The vulnerabilities include remote code execution flaws, a command injection flaw, path traversal, and denial-of-service. Splunk also addressed medium-severity flaws. No mention of exploitation in the wild was made. Additional information is available on Splunk’s …

Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?

July 1, 2024 at 06:42AM Code libraries are essential for adding standardized functionality to a project, but they can also be vulnerable to supply chain attacks. Polyfill.io, a JavaScript enhancement service, was accused of distributing malware, raising concerns about the security of third-party libraries and the potential impact on user security. The incident highlights the …

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

June 27, 2024 at 03:36AM A critical security flaw, tracked as CVE-2024-5276, has been disclosed in Fortra FileCatalyst Workflow, allowing attackers to tamper with the application database. The vulnerability, with a CVSS score of 9.8, impacts versions 5.1.6 Build 135 and earlier, but has been addressed in version 5.1.6 build 139. Tenable released a proof-of-concept …

Abstract Security Announces General Availability of its AI-Powered Data Streaming Platform for Security

June 21, 2024 at 04:58PM Abstract Security, a cybersecurity innovator, has announced the general availability of its cutting-edge security operations platform. The platform, in use by customers, aids in navigating data complexities, enhancing security effectiveness, and reducing costs. It offers advanced analytics, security pipelines, and optimized storage. Additionally, Abstract has expanded its team and garnered …