Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed

November 20, 2024 at 12:09PM
Google’s OSS-Fuzz project has identified 26 vulnerabilities, including a critical flaw in OpenSSL. Utilizing AI-driven fuzzing, the tool finds bugs unlikely to be detected by humans. OSS-Fuzz aims to automate the fuzzing workflow, enhancing code testing with large language models to improve security against potential threats.

Security plugin flaw in millions of WordPress sites gives admin access

November 17, 2024 at 11:37AM
A critical vulnerability (CVE-2024-10924) in the ‘Really Simple Security’ WordPress plugin allows unauthorized access due to improper user authentication handling. Wordfence warns it enables mass exploitation, urging forced updates. The flaw affects versions 9.0.0 to 9.1.1.1, with a fix released in version 9.1.2. Users must manually update to avoid risks.

Symbiotic Security Launches Scanning Tool to Help Fix Flaws in Code

November 7, 2024 at 08:38AM
Symbiotic Security has launched a software-as-a-service platform that integrates security tools into developers’ environments, enabling real-time vulnerability detection and remediation. By providing contextual feedback and training, it aims to address the challenges of shift-left security and improve secure coding practices. The company raised $3 million in seed funding.

Google claims Big Sleep ‘first’ AI to spot freshly committed security bug that fuzzing missed

November 5, 2024 at 01:43AM
Google’s AI model, Big Sleep, claims to be the first to identify a memory safety vulnerability—a stack buffer underflow—in SQLite before its release. Developed by Project Zero and DeepMind, Big Sleep aims to enhance bug detection beyond traditional fuzzing methods. This marks a significant advancement in AI-driven software security.

Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed

November 4, 2024 at 10:51AM
Google’s Big Sleep AI successfully identified its first real-world vulnerability in SQLite, a widely used open-source database, highlighting AI’s potential in cybersecurity. This memory-safety flaw was reported and swiftly fixed by developers. The achievement underscores the promise of AI in enhancing software vulnerability detection and prevention prior to public release.

C/side Raises $6 Million to Secure the Browser Supply Chain

September 17, 2024 at 11:57AM
C/side, a startup focusing on protecting against malicious browser-side third-party scripts, raised $6M in seed funding. It has raised a total of $7.7M. The new investment round included Uncork Capital, Mantis VC, PrimeSet, Roar Ventures, and Scribble Ventures. They aim to help businesses monitor, optimize, and secure third-party scripts using …

How to Augment Your Password Security with EASM

August 14, 2024 at 08:39AM
Traditional password security measures are no longer enough to protect organizations from cyber threats. Prioritize securing the Active Directory and consider integrating External Attack Surface Management (EASM) to enhance password security. EASM helps detect vulnerabilities, monitor for leaked credentials, provide real-time alerts, and offer actionable recommendations to strengthen cybersecurity defenses.

New Attack Technique Exploits Microsoft Management Console Files

June 25, 2024 at 07:51AM
Threat actors are using a novel attack technique, named GrimResource, to exploit a vulnerability in Microsoft Management Console (MMC) using maliciously crafted .MSC files. This technique allows for arbitrary code execution and has been used by the Kimsuky hacking group. The approach bypasses security measures and can lead to system …

Akamai to Acquire API Protection Startup Noname Security for $450 Million 

May 7, 2024 at 11:00AM
Akamai to acquire API protection company Noname Security for $450 million in the second quarter of 2024. Noname is known for top API security and reaching unicorn status in 2021. Integration will enhance Akamai’s API Security solution and bring $20 million revenue in fiscal year 2024. Noname’s CEO and employees …

Cloud Security Firm Sweet Security Raises $33 Million, 6 Months After Emerging From Stealth

March 6, 2024 at 10:39AM
Cloud security firm Sweet Security recently secured $33 million Series A funding, following $12 million seed funding. The Tel Aviv-based firm plans to expand its technology and go-to-market operations for cloud runtime security. It combines military expertise with eBPF-based technology to detect vulnerabilities and provide real-time insights for cloud security …