RSA Conference 2024 – Announcements Summary (Day 2)

May 8, 2024 at 08:30AM The 2024 RSA Conference in San Francisco featured companies like Action1, Abnormal Security, and AppViewX announcing new product and service offerings. Other notable announcements include Cloudflare’s risk management solutions, HCLSoftware’s AppScan Supply Chain Security, and LogicGate’s AI governance solution. Palo Alto Networks also introduced new AI security solutions and Zscaler …

Does CISA’s KEV Catalog Speed Up Remediation?

May 7, 2024 at 04:54PM The Known Exploited Vulnerabilities (KEV) list, introduced by the Cybersecurity and Infrastructure Security Agency in 2021, aims to accelerate remediation times for high-risk threats. Congressman Jim Langevin’s legislation created the list to prioritize vulnerabilities for remediation. Data shows an increase in remediation timelines, but ransomware vulnerabilities receive the highest priority. …

Wiz Raises $1 Billion at $12 Billion Valuation

May 7, 2024 at 11:00AM Cloud security company Wiz raised $1 billion at a $12 billion valuation in a funding round led by Andreessen Horowitz, Lightspeed Venture Partners, and Thrive Capital. The company’s platform offers various security capabilities, with a focus on cloud security posture management and infrastructure entitlement management. Wiz aims to continue innovating …

CISA says ‘no more’ to decades-old directory traversal bugs

May 6, 2024 at 09:44AM CISA urges the software industry to eliminate directory traversal vulnerabilities, which allow attackers to access and manipulate files outside the directory an application intends to expose. Exploits can lead to data theft and system compromise, posing a heightened threat to critical organizations including healthcare and cloud services. CISA recommends specific mitigations such as using random identifiers for files …

Dazz Unveils AI-Powered Automated Remediation for Application Security Posture Management

May 3, 2024 at 05:38PM Dazz, a leading security remediation company, has unveiled new features in its Unified Remediation Platform. These advancements include automated code fixes for container vulnerabilities, AI-driven remediation guidance, and additional platform connections with industry-leading security tools. These improvements will allow cybersecurity teams to prioritize critical issues, automate fixes, and present a unified …

It might take a decade to address SSC security, says infosec exec

May 3, 2024 at 01:36PM Varun Badhwar, CEO at Endor Labs, predicts that software supply chain vulnerabilities will become a major cybersecurity threat, with a vast majority of enterprise code derived from untrusted sources. He emphasizes the need for proper documentation, automation, and a thorough reevaluation of open-source risks. Badhwar predicts a lengthy process in …

Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster

May 3, 2024 at 07:27AM Horizon3.ai has introduced a Rapid Response service to its NodeZero SaaS-based penetration testing platform, using a combination of autonomous AI and human expertise. This service aims to quickly identify and address critical vulnerabilities, staying ahead of potential attackers. Leveraging AI’s speed and human reasoning, the platform creates safe exploits and …

Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software

April 26, 2024 at 12:37PM Government and security-sensitive firms are requiring software bills of material (SBOMs), listing components of applications. Attackers could exploit this information without sending packets. Larry Pesce warns that publicly accessible SBOMs can expose vulnerabilities. Yet, SBOMs aim to enhance software security, with 60% adoption expected by next year. Pesce advises using …

Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking

April 25, 2024 at 08:15AM Pierre Barre warned of multiple vulnerabilities in the Brocade SANnav application, allowing for compromise of the appliance and Fibre Channel switches. The flaws included unauthenticated access, backdoor accounts, exposed credentials, and insecure Docker instances. After initial rejection, the issues were patched in SANnav version 2.3.1, released in December 2023. Key …

Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability

April 22, 2024 at 08:03AM Palo Alto Networks disclosed a critical vulnerability (CVE-2024-3400) affecting 6,000 internet-accessible firewalls, allowing unauthenticated remote code execution. Exploited by threat actors, the flaw affected GlobalProtect in PAN-OS devices, leading to sensitive data theft and malware deployment. Mitigations initially included disabling device telemetry, but the vendor later released patches effectively eliminating …