HackDig : Dig high-quality web security articles

Big Tech Vendors Object to US Gov SBOM Mandate

The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks have run into strong objections from big-name technology vendors. A lobbying outfit representing big tech is calling on the federal government’s Office of Management and Budget (OMB) to “discourage agencies” from requiring
Publish At:2022-12-07 18:26 | Read:37811 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Google Documents IE Browser Zero-Day Exploited by North Korean Hackers

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37. Tracked as CVE-2022-41128 (CVSS score of 8.8), the vulnerability was identified in the browser’s ‘JScript9’ JavaScript engine and can be exploited by remote attackers to execute arbitrary co
Publish At:2022-12-07 18:26 | Read:30976 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Investors Pour $200M Into Compliance Automation Startup Drata

High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion. The $200 million cash infusion comes less than two years after the San Diego, Calif-based company emerged from stealth with ambitious plans to design an
Publish At:2022-12-07 14:28 | Read:45365 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted syst
Publish At:2022-12-06 15:34 | Read:60213 | Comments:0 | Tags:Software Vulnerabilities Application Security Security Servi

Balance Theory Scores Seed Funding for Secure Workspace Collaboration

Balance Theory, a seed-stage startup working on technology to help security teams collaborate and manage data flows securely, has closed a $3 million funding round. The Columbia, Maryland-based Balance Theory said the early-stage investment was led by DataTribe with participation from TEDCO. Balance Theory, the brainchild of former Decision Lab founders Greg B
Publish At:2022-12-05 14:28 | Read:42982 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Securing Your SAP Environments: Going Beyond Access Control

Many large businesses run SAP to manage their business operations and their customer relations. Security has become an increasingly critical priority due to the ongoing digitalization of society and the new opportunities that attackers exploit to achieve a system breach. Recent attacks related to corrupt data, stealing personal information and escalating pr
Publish At:2022-12-04 03:40 | Read:52174 | Comments:0 | Tags:Application Security Cloud Security SAP Security Services

Investors Double Down on Pangea Cyber API Security Bet

Pangea Cyber, an early stage startup working on technology in the API security services space, has banked $26 million in a new funding round led by Google Ventures. The $26 million Series B brings the total raised by Pangea to $51 million and underscores a push by venture capital investors to bet on companies that help developers embed security services and A
Publish At:2022-12-01 14:28 | Read:81141 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

One Year Later: Log4Shell Remediation Slow, Painful Slog

Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world. According to telemetry data from vulnerability scanning pioneer Tenable, more than 70 percent of scanned organizations remain vulnerable to t
Publish At:2022-11-30 14:29 | Read:97356 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Investors Bet $31 Million on Sphere for Identity Hygiene Tech

Venture capital investors have invested another $31 million into Sphere Technology Solutions, a New Jersey startup building technology to help defenders manage identities and access to sensitive data. Sphere, a woman-owned company led by Rita Gurevich, said the $31 million Series B was led by growth equity firm Edison Partners. Forgepoint Capital, the venture
Publish At:2022-11-30 10:30 | Read:80341 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Project Zero Flags 'Patch Gap' Problems on Android

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices. In a research note documenting the discovery of an in-the-wild Android exploit targeting a flaw in the ARM Mali GPU dri
Publish At:2022-11-28 14:28 | Read:113188 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse

Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors. According to a new report from Proofpoint, Nighthawk is an advanced C2 framework sold by MDSec, a European outfit that sells adversary simulation an
Publish At:2022-11-23 14:28 | Read:87319 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Mobile Secu

Leaked Algolia API Keys Exposed Data of Millions of Users

Threat detection firm CloudSEK has identified thousands of applications leaking Algolia API keys, and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users. Organizations can use Algolia’s API to incorporate into their applications functions such as search, discovery, and recommendations. The API
Publish At:2022-11-22 14:28 | Read:103656 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Data Protection

US Gov Issues Software Supply Chain Security Guidance for Customers

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) this week released the last part of a three-part joint guidance on securing the software supply chain. The guidance was created by the Enduring Security Framework (ESF), a cross-sector working group fo
Publish At:2022-11-18 10:30 | Read:73171 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Risk Management Man

Palo Alto to Acquire Israeli Software Supply Chain Startup

Cybersecurity powerhouse Palo Alto Networks on Thursday announced plans to spend $195 million in cash to acquire Israeli startup Cider Security, a deal that adds software supply chain security capabilities to its Prisma Cloud platform. Palo Alto Networks said the transaction will boost its ambitions to have Prisma Cloud provide the industry's most comprehensi
Publish At:2022-11-17 22:23 | Read:109412 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

OpenSSF Adopts Microsoft-Built Supply Chain Security Framework

The Open Source Security Foundation (OpenSSF) on Wednesday announced the adoption of Secure Supply Chain Consumption Framework (S2C2F), a Microsoft-built framework for consuming open source software. In use within Microsoft since 2019 and made public in August 2022, S2C2F defines real-world threats to open source software (OSS) and includes requirements to mi
Publish At:2022-11-17 14:27 | Read:95170 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities sec

