Apple Fixes Exploited Zero-Day With iOS 16.1 Patch
The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” Apple said…
Anonos Raises $50 Million for Data Privacy Platform
Founded in 2012, the New York-based company offers Data Embassy, a software platform that aims to protect data in use by applying pseudonymization and other techniques to transform the data into ‘Variant Twins’, representing non-identifiable but fully accurate assets. Courtesy of multi-level data privacy and security controls, the company says, Variant Twins can be used…
Zoom for macOS Contains High-Risk Security Flaw
The vulnerability, which carries a CVSS severity score of 7.3/10, is documented as a debugging port misconfiguration that is opened by the Zoom client on macOS machines. Details from Zoom’s advisory: Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When…
IronVest Emerges From Stealth Mode With $23 Million in Seed Funding
The investment round was led by Accomplice, with participation from Joule Ventures, OurCrowd, Trust Ventures, Ulysses, and several angel investors. Founded in December 2021, the New York-based company provides a biometric security and privacy application for protecting digital accounts across banking, email, investing, and healthcare services. IronVest says its solution takes a decentralized approach to…
Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data
Issues with ECB are not unknown. In its Announcement of Proposal to Revise Special Publication 800-38A, NIST wrote, “The ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal… the use of ECB to encrypt confidential information constitutes a…
DataGrail Raises $45 Million for Data Privacy Platform
The new investment round was led by Third Point Ventures, with participation from Cloud Apps Capital, Felicis Ventures, Next47, Operator Collective, Sixty Degree Capital, and Thomson Reuters Ventures. Founded in 2018, the San Francisco-based firm provides a data privacy solution that creates an automated map of all business systems within an organization, to provide visibility…
Cloud Data Security Startup Theom Emerges From Stealth With $16 Million in Funding
The investment was led by Ridge Ventures and Microsoft’s M12 venture fund, and it will help the company expand its cloud data security solution. Founded by former executives from Google, Cisco and Yahoo, Theom has developed a product designed to help organizations secure data in the cloud and SaaS data stores. The company’s platform inventories…
Microsoft: Multiple Iranian Groups Conducted Cyberattack on Albanian Government
On July 15, 2022, threat actors working on behalf of the government of Iran launched a destructive attack targeting the Albanian government’s websites and public services, taking them offline. The attack had less than 10% total impact on the customer environment. The campaign consisted of four different stages, with different actors responsible for every one…
Data Security Company Open Raven Raises $20 Million
The new investment round was led by Pelion Venture Partners, with existing investors Kleiner Perkins and Upfront Ventures also participating. Founded in 2019 by Crowdstrike and Microsoft alums, the Los Angeles-based company emerged from stealth in February 2020 to provide data security tools designed to prevent leaks, breaches, and compliance issues. Open Raven says its…
CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography
The National Institute of Standards and Technology (NIST) is expected to publish the standard in 2024, but CISA urges stakeholders to prepare in advance, citing potential risks from quantum computing to the entire critical infrastructure. Quantum computers use qubits, or ‘quantum bits’, to deliver higher computing power and speed in certain scenarios, including solving mathematical…
