Tag: category-/Computers & Electronics/Computer Security

Report: Software supply chain attacks increased 300% in 2021

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. Software supply chain attacks grew by more than 300% in 2021, according to a study from Argon Security, recently acquired by Aqua Security.  The report found that the level of security across software development […]

Read More

Cybersecurity’s challenge for 2022 is defeating weaponized ransomware

This article is part of a VB special issue. Read the full series here: The metaverse – How close are we? Ransomware attack strategists continue to target zero-day vulnerabilities, execute supply chain attacks, fine-tune vulnerability chaining, and search for vulnerabilities in end-of-life products to improve the odds their ransomware attacks will succeed. Ivanti’s Ransomware Spotlight Year […]

Read More

Microsoft discloses ‘large-scale’ phishing campaign that uses new tactic

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. Microsoft said today that it has investigated a major new phishing campaign that uses a “novel technique,” rendering the “traditional phishing remediation playbook” insufficient. The company emphasized that the campaign was mainly successful against […]

Read More

Scribe Security raises $7M to protect software supply chain

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. Today, software supply chain security provider Scribe Security raised $7 million to enable users to develop, distribute, and maintain code, while also testing code authenticity and integrity.  The solution aims to provide transparency over […]

Read More

Post-quantum cryptography provider PQShield raises $20M

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. Today, UK-based post-quantum cryptography provider PQShield announced it had raised $20 million in Series A funding to enhance product development and expand internationally. The move comes amid growing concerns that quantum computers will eventually […]

Read More

Linux vulnerability can be ‘easily exploited’ for local privilege escalation, researchers say

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. A newly disclosed vulnerability in a widely installed Linux program can be easily exploited for local privilege escalation, researchers from cyber firm Qualys said today. The memory corruption vulnerability (CVE-2021-4034)—which affects polkit’s pkexec—is not […]

Read More

SentinelOne XDR enables growing list of top incident response firms

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. SentinelOne today announced it has expanded the ranks of its incident response partners with a prominent addition, KPMG, which is utilizing the vendor’s Singularity XDR platform to bring greater automation to its cyber investigations […]

Read More

Major attacks using Log4j vulnerability ‘lower than expected’

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. Thanks in large part to the massive response effort from the security community, there have been few cyber attacks of consequence leveraging the vulnerabilities in Apache Log4j so far, according to findings from cybersecurity […]

Read More

Deepfence brings ‘attack path’ visualizations to ThreatMapper vulnerability platform

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. Let the OSS Enterprise newsletter guide your open source journey! Sign up here. Security observability platform Deepfence has introduced a handful of updates to ThreatMapper, its open source tool for finding and ranking software vulnerabilities. By way […]

Read More

Log4j lesson: Cybersecurity defense isn’t just about tech

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. Aside from stolen data and money, perhaps the greatest impact of massive attacks like SolarWinds, Colonial Pipeline, and the current Log4j vulnerability, is that people are beginning to realize that cyber attacks and cyber […]

Read More

The Log4Shell vulnerability: A postmortem

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. This article was contributed by Ariel Assaraf, CEO of Coralogix  The Log4shell vulnerability was a fitting, panicked end to what was already a difficult year. Now that the initial panic is out of the […]

Read More

Zero-trust trends for 2022

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. Demand for endpoint security visibility and control will grow faster than the market, leading all zero-trust priorities in 2022. Improving Identity and Access Management (IAM) effectiveness, hybrid cloud integrations, and automating patch management will […]

Read More

Report: U.S. is top target of phishing attacks worldwide

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream. The U.S. is targeted by phishing attacks more than any other country in the world, according to a new report by Outseer that examined 56,000 cyberattacks during the third quarter of last year. The […]

Read More