Tips for Securing the Software Supply Chain
“Software supply chain attacks are at the top of all CISOs’ minds,” says ReliaQuest CISO Jeff Music. Music attributes the popularity of software supply chain attacks to the fact that these attacks are relatively easy to conduct and have a significant payoff for the attacker. “This is especially the case if the vulnerable hardware or…
Delinea Acquires Authomize to Tackle Identity-Based Threats
Financial teams of the acquisition were not released but published reports out of Israel peg the price tag as “several tens of millions of dollars.” The private equity-owned Delinea, formed in April 2012 through the merger of Centrify and Thycotic, said the deal extends its reach into the lucrative identity category and adds technology to…
Addressing vulnerabilities in OT environments requires a Zero Trust approach
Cyberattacks on operational technology (OT) systems are rapidly rising. In fact, manufacturing was one of the sectors most impacted by extortion attacks last year, according to Palo Alto Networks Unit 42, as reported in the 2023 Unit 42 Extortion and Ransomware Report. Attacks against OT systems can have a significant impact, including physical consequences such…
CrowdStrike SIEM Demand Rises Amid Cisco-Splunk, Legacy Woes
Pervasive discontent with legacy SIEM offerings and Cisco’s proposed acquisition of Splunk has driven “a significant and pronounced increase in interest” in CrowdStrike’s SIEM offering. The Austin, Texas-based cybersecurity titan’s SIEM tool hit the $100 million annual recurring revenue milestone in the most recent quarter thanks to LogScale’s search speed, data gravity and cost efficiency,…
‘KandyKorn’ macOS Malware Lures Crypto Engineers
The infamous North Korean advanced persistent threat (APT) group Lazarus has developed a form of macOS malware called “KandyKorn,” which it is using to target blockchain engineers connected to cryptocurrency exchanges. According to a report from Elastic Security Labs, KandyKorn has a full-featured set of capabilities to detect, access, and steal any data from the…
Microsoft pledges cybersecurity overhaul to protect products and services
Microsoft launches the Secure Future Initiative to usher in “next generation” of cybersecurity to better protect customers against escalating cybersecurity threats. Microsoft has announced the launch of the Secure Future Initiative (SFI) to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats. The new initiative will bring…
Microsoft Adding New Security Features to Windows 11
Windows 11 feature updates are released in the second half of each calendar year. The latest update, 23H2, is being gradually rolled out to users, with Microsoft expecting the new features to reach all devices by the release of the November 2023 security updates. However, customers with eligible devices running Windows 11 version 22H2 can…
Qualys Announces First-Party Software Risk Management Solution
Qualys, Inc. (NASDAQ: QLYS), a provider of disruptive cloud-based IT, security and compliance solutions, today announced it is opening up its risk management platform to AppSec teams to bring their own detections to assess, prioritize and remediate the risk associated with first-party software and its embedded open source components. In the digital transformation era, every…
Securing the software supply chain one step at a time
The software supply chain is a vast, global landscape made up of a complicated web of interconnected software producers and consumers. As such, it comes with numerous risks and vulnerabilities that affect all software–including those from third parties and outside vendors. These risks include everything from code vulnerabilities and open-source code repositories to hijacked software…
Exploit Code Published for Remote Root Flaw in VMware Logging Software
In an update to a critical-level advisory originally released in April this year, VMware said it has confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches. The vulnerability, which carries a CVSS severity score of 9.8 out of 10, allows an unauthenticated, malicious actor…
