August 9, 2024 at 01:34PM Progress (Nasdaq: PRGS) announced that the Securities and Exchange Commission’s fact-finding investigation into the MOVEit vulnerability has concluded without enforcement action recommended at this time. Progress received a subpoena on Oct. 2, 2023, from the SEC. The company empowers organizations with AI-powered infrastructure software to achieve transformational success in a … Read more
August 1, 2024 at 05:15PM Twilio has discontinued its Authy for Desktop app, prompting a mandatory logout for users. After reviewing the meeting notes, it’s clear that Twilio has made the decision to discontinue its Authy for Desktop application, resulting in a forced logout of users from the desktop application. This decision will likely impact … Read more
July 12, 2024 at 04:34PM GitLab recently disclosed a critical vulnerability, CVE-2024-6385, impacting its DevOps platform, allowing attackers to run pipelines within users’ contexts. With a severity rating of 9.6 on the CVSS scale, the bug affects GitLab versions 15.8 to 17.1. Users were strongly urged to upgrade as soon as possible. This follows a … Read more
June 22, 2024 at 04:22AM The US government banned Kaspersky Lab from selling its products and issuing updates in America, and sanctioned some of its top executives on Friday. A 12-minute video discussion on this topic, “Kettle,” features cybersecurity editor Jessica Lyons, journalists Tom Claburn, Chris Williams, and Iain Thomson. The video is available as … Read more
November 6, 2023 at 03:05AM APIs are increasingly prevalent in today’s Internet-connected world, enabling devices and applications to exchange information and improve user experiences. However, as API usage increases, security implications arise. Attackers are becoming more sophisticated in targeting payment APIs, with traditional protection techniques proving ineffective. With the holiday season approaching, e-commerce platforms face … Read more
November 2, 2023 at 05:30AM Wing Security has launched “Essential SSPM,” a SaaS Security Posture Management tool, offering SaaS discovery, risk assessment, and user access review in a freemium model. The tool aims to simplify the process of securing SaaS usage and aligns with regulatory security standards such as ISO 27001 and SOC. It allows … Read more
October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0. … Read more
October 10, 2023 at 01:12PM Adobe has released patches for 13 security vulnerabilities in its products. Critical flaws in Adobe Commerce and Photoshop require immediate attention. The flaws could lead to arbitrary code execution, privilege escalation, and denial-of-service attacks. The affected software versions include Adobe Commerce and Magento Open Source. Adobe has also fixed a … Read more
October 10, 2023 at 09:54AM Gutsy, a new cybersecurity startup founded by the team behind Twistlock, has secured $51 million in seed-stage financing. The company plans to use process mining techniques to address security challenges and provide data-driven insights into an organization’s teams, tools, and processes. Gutsy aims to help security leaders make better decisions … Read more