CrowdStrike’s Legal Pressures Mount, Could Blaze Path to Liability

August 9, 2024 at 08:33AM The CrowdStrike update resulted in lawsuits from investors and customers, prompting discussions about software liability. The update caused widespread disruption, including $5.4 billion in damages to the Fortune 500. An investigation is underway, and legal battles between affected parties and CrowdStrike are ongoing, signaling a potential shift towards increased software … Read more

Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks

August 7, 2024 at 11:12AM SafeBreach Labs researcher Alon Leviev disclosed critical flaws in Microsoft’s Windows Update, enabling software downgrade attacks that render fully patched Windows machines susceptible to past vulnerabilities. Leviev demonstrated these downgrades at the recent Black Hat conference in Las Vegas and worked with Microsoft to develop a security update to mitigate … Read more

Software Supply Chain Security Firm Lineaje Raises $20M in Series A Funding

July 30, 2024 at 10:00AM Lineaje, a software supply chain security management provider, has raised $20 million in a Series A funding round, bringing its total funding to $27 million. The round, led by various ventures and investors, will support Lineaje’s global expansion and technological advancement. The Saratoga-based company offers comprehensive governance platforms for software supply chain … Read more

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

July 26, 2024 at 01:13AM Progress Software has identified a critical security flaw (CVE-2024-6327) in Telerik Report Server versions prior to 2024 Q2 (10.1.24.709) that could lead to remote code execution due to an insecure deserialization vulnerability. Users are advised to update to version 10.1.24.709 and take temporary mitigation measures. Another vulnerability (CVE-2024-4358) was patched … Read more

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads

July 25, 2024 at 12:45PM Chainguard, a software supply chain security startup, raised $140 million in a new financing round, reaching a valuation in excess of $1 billion. The company, founded by ex-Google engineers, has raised a total of $256 million since its launch in late 2021. The funding will be used to expand into … Read more

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

July 24, 2024 at 03:04AM The U.S. CISA has added two security flaws to its Known Exploited Vulnerabilities catalog, including a decade-old use-after-free vulnerability in Internet Explorer and an information disclosure bug in Twilio Authy. CISA advised FCEB agencies to remediate the vulnerabilities by August 13, 2024, to protect against active threats. From the meeting … Read more

The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development

July 16, 2024 at 06:05PM The Linux Foundation Research and Open Source Security Foundation released the “Secure Software Development Education 2024 Survey”, emphasizing the urgent need for formalized industry education and training programs. Survey results reveal a lack of security awareness among software developers, leading to a new course on security architecture by OpenSSF. For … Read more

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

July 16, 2024 at 06:19AM Cybersecurity researchers discovered two malicious packages on the npm registry containing backdoor code for executing commands from a remote server. The packages, disguised as legitimate libraries, were taken down after being downloaded 190 and 48 times. The code was designed to execute disguised command and control functionality hidden in image … Read more

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

July 12, 2024 at 08:00AM A critical security issue in the Exim mail transfer agent (CVE-2024-39929) carries a CVSS score of 9.1 out of 10.0. Attackers can deliver malicious attachments to user inboxes, potentially compromising systems. Over 1.5 million Exim servers are vulnerable, primarily in the U.S., Russia, and Canada. It’s essential to apply the patches … Read more

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

July 11, 2024 at 11:49AM Threat actors have launched a new wave of malicious packages on the NuGet package manager, using a sophisticated approach to evade detection. The 60 fresh packages demonstrate a refined strategy, employing IL weaving to inject malicious functionality into legitimate .NET binaries. The end goal is to deliver a remote access … Read more