Code-hosting platform GitHub on Tuesday announced a new effort to improve the security and sustainability of open source projects through financial help, education, certification, and more. The Microsoft-owned platform is now accepting applications for the GitHub Secure Open Source Fund, which launches with $1.25 million to be invested in 125 projects, and will leave applications […]
Data security company Cyera announced on Wednesday that it has raised $300 million in a Series D funding round. The latest investment, which brings the total raised by the firm since it was founded in 2021 to $760 million, was led by Accel and Sapphire Ventures, with participation from Sequoia, Redpoint, Coatue, and Georgian. “This […]
Oracle this week announced patches for a high-severity information disclosure vulnerability in Agile Product Lifecycle Management (PLM) that has been exploited in the wild. Tracked as CVE-2024-21287 (CVSS score of 7.5), the zero-day affects Agile PLM version 9.3.6 and can be exploited remotely without authentication. In its advisory, Oracle has credited Joel Snape and Lutz […]
Ford has completed an investigation launched after hackers claimed to have stolen customer information. Hackers named IntelBroker and EnergyWeaponUser claimed in a post on the BreachForums cybercrime forum on November 17 that they had obtained 44,000 Ford customer records, including names, physical addresses, and information on acquisitions. As SecurityWeek pointed out in its initial article, […]
CERT, CSIRT, CIRT and SOC are terms you’ll hear in the realm of incident response. In a nutshell, the first three are often used synonymously to describe teams focused on incident response, while the last typically has a broader cybersecurity and security scope. Still, terminology can be important. Inconsistent terminology can cause misunderstandings of what […]
IoT endpoints have become prime targets for hackers. In fact, Forrester Research concluded in its “The State of IoT Security, 2023” report that IoT devices were the most reported target for external attacks; they were attacked more than either mobile devices or computers. That’s not so surprising, given the challenges with securing an IoT ecosystem. […]
Risk assessments and threat modeling enable organizations to learn how exposed they are to a successful attack. Both approaches are important, but understanding the differences between risk assessments and threat modeling requires that companies know what constitutes a risk and what constitutes a threat. And that requires a definition of vulnerability. A security vulnerability is some […]
Smart contracts execute processes, transactions and other tasks when specific events, conditions and logic are met, depending on how they are programmed. Smart contracts are deployed on a blockchain, such as Ethereum or other distributed ledger infrastructure, where they listen for events and updates from cryptographically secure data feeds called oracles. These contracts often control […]
DC Health Link’s data breach was caused by a misconfigured server, according to a prepared statement by an executive for the health insurance exchange at a House Oversight Committee hearing on Wednesday. DC Health Link, a health insurance exchange program based in Washington, D.C., confirmed it suffered a data breach last month after a user […]