News
CISA issues emergency warning over two new VMware vulnerabilities
The U.S. Cybersecurity and Infrastructure Agency issues emergency security directive over VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit.
Two account compromise flaws fixed in Strapi headless CMS
The vulnerabilities allow attackers to use a low-privilege account to reset the password of a higher-privilege account.
QuSecure launches end-to-end post-quantum cybersecurity solution
QuSecure claims new solution is the industry’s first end-to-end quantum software-based platform that protects encrypted communications and data using a quantum-secure channel.
![Multiple-exposure shot of a clock and calendar pages. [time / past / future / history / what's next]](https://images.idgesg.net/images/article/2020/09/multiple-exposure_clock_and_calendar_time_schedules_future_past_history_whats_next_by_stillfx__gettyimages-519384045_2400x1600-100859567-small.3x2.jpg?auto=webp&quality=85,70)
WannaCry 5 years on: Still a top threat
As security pros reminisce about the ransomware’s anniversary, some note the more things change, the more they stay the same.
Deepfence Cloud builds on ThreatStryker security observability platform
The SaaS version of ThreatStryker will build on its real-time observation and protection abilities, spanning multiple cloud and development instances.
NanoLock’s zero-trust cybersecurity suite to protect industrial machinery, production lines
Vendor claims to be the first to offer device-level protection solutions designed for legacy and new industrial machinery and smart factory production lines.
Open-source standard aims to unify incompatible cloud identity systems
The project uses open source tech and a new common policy format to manage identity access policies across multi-clouds, on-premises systems, and vendors.
Google to launch repository service with security-tested versions of open-source software packages
The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies.
Rezilion launches Dynamic SBOM for software supply chain devsecops
Rezilion’s new Dynamic SBOM (software bill of materials) works with its devsecops platform and is designed to help security teams understand how software components are being executed in runtime.
CISOs worried about material attacks, boardroom backing
CISOs are also less concerned about ransomware attacks, but many says their organizations are still not properly prepared for them.
Intel bets big on security as a service for confidential computing
At its inaugural Vision event, Intel launched a security as a service initiative called Project Amber for confidential computing in the cloud, and outlined its support for secure and responsible AI and quantum-resistant cryptography....
Five Eyes nations warn MSPs of stepped-up cybersecurity threats
The warning likely comes in response to an increase in attacks on managed service providers, through which threat actors can access their clients.
Red Hat debuts edge features for Linux, Kubernetes platform security
At its annual Summit event, Red Hat is rolling out new edge-computing features for the company’s well-known enterprise Linux distribution, and security features for its Advanced Cluster Security for Kubernetes platform.
Threat hunters expose novel IceApple attack framework
Suspected state-sponsored threat actor uses IceApple to target technology, academic and government sectors with deceptive software.
ForgeRock offers AI-based solution for identity-based cyberattacks
ForgeRock Autonomous Access is designed to eliminate account takeovers and prevent fraud in real-time, using a combination of AI and advanced pattern recognition.
Stealthy Linux implant BPFdoor compromised organizations globally for years
The China-linked backdoor takes advantage of the Berkeley Packet Filter on Unix systems to hide its presence.
New RAT malware uses sophisticated evasion techniques, leverages COVID-19 messaging
Nerbian RAT malware uses significant anti-analysis and anti-reversing capabilities along with multiple open-source Go libraries to conduct malicious activity.
