Dive Brief: Top cybersecurity officials from the Biden administration pledged additional support to the open source software community and private sector security executives during the Secure Open Source Software Summit in Washington D.C. Tuesday. The Cybersecurity and Infrastructure Security Agency released a roadmap for open source software security, which is designed to establish the agency’s role […]
German business software maker SAP on Tuesday announced the release of 13 new and five updated security notes as part of its September 2023 Security Patch Day. Five of the SAP security notes released this month are rated ‘hot news’, the company’s highest rating. Three of them, however, are updates for previously released security notes. […]
AuthMind, a Maryland-based startup that aims to help businesses protect themselves from identity-related cyberattacks, today announced that it has raised an $8.5 million seed round led by Ballistic Ventures, with strategic participation from IBM Ventures. The company was co-founded by CEO Shlomi Yanai and CTO Ankur Panchbudhe. Both previously founded (and sold) a number of […]
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco’s brand and is displayed first when performing a Google search. We are releasing this blog to warn users about this threat as the malicious ad has been online for almost […]
Israeli security startup Zenity has landed $16.5 million in new venture capital funding to work on technology to secure the ‘low-code/no-code’ dev ecosystem. Zenity said the Series A financing was led by Intel Capital and included new investors from Gefen Capital and B5. Existing backers Vertex Ventures and Upwest also expanded equity stakes. The company […]
A new ransomware family dubbed 3AM has emerged in the threat landscape. It was detected in an attack by a LockBit affiliate who attempted to deploy the ransomware when LockBit was blocked on the targeted network. Diving in details It begins with the use of the gpresult command to retrieve the policy settings for a […]
Two new high-severity Kubernetes vulnerabilities leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges. Akamai has released a new report flagging the two Kubernetes vulnerabilities, and urged system administrators to take immediate steps to mitigate. The find was built on previous research into Windows nodes vulnerability CVE-2023-3676 […]
Sep 14, 2023THNEndpoint Security / Vulnerability A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. “Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run […]
The governing body for soccer in the Netherlands said this week that it paid a ransom to hackers who breached its systems earlier this year and stole the sensitive data of more than more than 1.2 million employees and members. The Royal Dutch Football Association (KNVB) didn’t say how large the ransom was, but it […]