Implementation of security automation can be overwhelming, and has remained a barrier to adoption Previously, I wrote about balancing security automation and the human element to accelerate security automation initiatives. Equally important to address are the implementation aspects of security automation, which are holding many organizations back. In fact, a recent survey (PDF) found that […]
Researchers at application security company Jscrambler have just published a cautionary tale about supply chain attacks… …that is also a powerful reminder of just how long attack chains can be. Sadly, that’s long merely in terms of time, not long in terms of technical complexity or the number of links in the chain itself. Eight […]
Dec 08, 2022Ravie LakshmananPatch Management / Zero-Day An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, […]
Arcitecta has unveiled Mediaflux Point in Time, a new backup and recovery approach that redefines data resilience at scale. Powered by Arcitecta’s Mediaflux data fabric, Point in Time offers metadata-based data protection that secures data at scale, expedites data recovery, and eliminates the cost and business impact of lost data. It also provides a strong […]
High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion. The $200 million cash infusion comes less than two years after the San Diego, Calif-based company emerged from stealth with ambitious plans to design and […]
The software industry is making headway against a group of pernicious vulnerabilities that are responsible for the vast majority of critical, remotely exploitable, and in-the-wild attacks, software-security experts said this week. The class of vulnerabilities — so-called memory-safety issues — include buffer overflows and use-after-free errors and have accounted for the majority of application security […]
A Florida man who was part of a cybercrime gang who went after cryptocoin wallets has been sentenced for his part in a cyberheist that allegedly netted the participants more than $20,000,000. The scammers, including one Nicholas Truglia, 25, got control of various online accounts belonging to the victim by using a trick known in […]
Dec 06, 2022Ravie LakshmananAdvanced Persistent Threat A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of ProxyShell flaws […]
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the wild. No other technical details have been shared about this zero-day flaw, only that it was reported by security engineer Clement Lecigne of Google’s Threat Analysis Group (TAG), […]
Apple presents itself as a white knight on the subject of privacy, but critics say its own advertising ambitions are built on anti-competitive practices. Two developers going by the name ‘Mysk’ claimed last month that Apple was tracking users’ every tap on the App Store, with no way of disabling the function. A class action […]