All the latest blog posts from the most relevant cyber security companies in the business.

Before the recent pandemic, many executives began appreciating the risks and opportunities associated with cybersecurity. A 2019 survey on cybersecurity priorities from Optiv Security found that 96% of CISOs are taking “a more strategic approach to cybersecurity,” and many were even willing to slow business development to account for cybersecurity-related risks. This was great news…

Lately, dark web actors have one more worry: getting caught by law enforcement. Tracking dark web illegal activities has been a cat-and-mouse game for authorities, but in the end, they often catch their adversaries and seize the dodgy money. On the night of the 2020 presidential election, for example, US government officials managed to empty…

In 1555, Nostradamus published his famous Les Prophéties containing obfuscated prophecies for the world to come. Some believe that one of these predictions pertains to the year 2020 and it reads, in part: “The false trumpet concealing madness / will cause Byzantium to change its laws.” Yeah… I have no idea what that means either!…

Built on a client-server model architecture and in use for roughly five decades, FTP allows for the easy transfer of files and folders between computers. However, because data is transmitted unencrypted, the protocol has long been considered insecure. Secure variants do exist, including one that leverages SSL/TLS (FTPS), or the SSH File Transfer Protocol (SFTP)….

The Intezer team identified a series of unprotected instances operated by organizations in technology, finance, and logistics sectors, which allowed anyone to deploy workflows. In some cases, the nodes have been targeted by malicious actors to deploy crypto-miners. An open-source, container-native workflow engine that runs on Kubernetes, Argo Workflows allows users to run parallel jobs…

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities. The bill covers vulnerabilities in IT and OT systems, as well as security holes in…

According to Atlassian, security researcher Harrison Neal discovered that Jira Data Center — including Software Data Center and Core Data Center — and Jira Service Management Data Center software development products are affected by a critical flaw related to missing authentication for the Ehcache RMI network service. An attacker who can connect to this service…

European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing. The Series B funding round included investments from Banque des Territoires and Eiffel Investment Group, as well as existing investors Normandie Participations and CNP Assurances. Founded in 2015, the YesWeHack platform…

The world’s largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help companies manage and secure access to cloud accounts and data. Financial terms of the deal were not disclosed. CloudKnox, based in Sunnyvale, Calif., raised a total of $22.8 million in venture capital investments since its…

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a new joint advisory on a gas pipeline intrusion campaign allegedly conducted by Chinese state-sponsored hackers between 2011 and 2013. In addition, CISA has updated five advisories released between 2012 and 2017 to attribute malware and malicious activity to various nation states….