Month: October 2021

Cloud Security

Issued by: Security Week

The company’s agentless CNAPP solution aims to secure multi-cloud IaaS and PaaS environments, as well as containers and data, through a single, unified interface. Founded in February 2021, the Santa Clara, California-based company offers support for major cloud infrastructure providers, including AWS, Azure, Google, IBM, and Oracle. Microsec.ai claims to provide visibility into containers, microservices,…

Application Security

Issued by: Security Week

Featuring support for the FIDO2/WebAuthn and U2F protocols, YubiKey Bio Series leverages fingerprint recognition to enable users to securely log in to their accounts using a second factor or without passwords at all. The new security keys support the biometric enrollment and management features that have been implemented in modern platforms and operating systems. According…

Vulnerabilities

Issued by: Security Week

The ESET discovery is the second real-world UEFI bootkit to be publicly documented in recent weeks, following Kaspersky’s report on a new Windows UEFI bootloader fitted into the FinSpy surveillance spyware product. According to ESET researchers Anton Cherepanov and Martin Smolar, the malware has evaded detection for almost a decade and was engineered to bypass…

Mobile Security

Issued by: Security Week

Syniverse says it has roughly 1,250 customers across 200 countries, including a vast majority of the world’s mobile carriers, such as AT&T, Verizon, T-Mobile, Vodafone, China Mobile, Airtel, Telefónica, and América Móvil. The company’s services are used to connect the networks of different mobile carriers and enable the transmission of data. Syniverse says it enables…

Network Security

Issued by: Security Week

Duality Technologies says the funds will help it expand go-to-market operations, strengthen its position on the privacy-preserving segment and Privacy Enhancing Technologies (PETs), and to advance partnerships with technology vendors. The funding round was led by LG Technology Ventures. Existing investors Hearst Ventures, Intel Capital, and Team8, along with Euclidean Capital and NAventures, the corporate…

Cloud Security

Issued by: Security Week

Trusted Cloud Principles signatories say they are committed to maintaining consistent human rights standards across their services, while also ensuring that cloud services providers’ interests are protected. The initiative has received support from heavy industry names, including Amazon, Atlassian, Cisco, Google, Microsoft, and IBM, among others. “Trusted Cloud Principles signatories are committed to protecting the…

Application Security

Issued by: Security Week

The pilot program financially rewards developers who help improve the security of critical open source projects and is meant to complement existing vulnerability management programs. Committed to boost the security of the open source ecosystem, the Internet search giant recently pledged $100 million in support for projects that aim to fix vulnerabilities in open source…

Vulnerabilities

Issued by: Security Week

The PoC exploit targets CVE-2021-1810, a vulnerability that can lead to the bypass of all three protections that Apple implemented against malicious file downloads, namely file quarantine, Gatekeeper, and notarization. This issue was found in the Archive Utility component of macOS Big Sur and Catalina and can be exploited using a specially crafted ZIP file….

Network Security

Issued by: Security Week

The number of cybersecurity-related mergers and acquisitions announced in the past months has remained constant, with roughly 40 deals announced in September 2021 as well. September 1 – 15 ACA Group acquires Catelas Governance, risk, and compliance (GRC) advisor in financial services ACA Group announced buying Catelas, a company that has developed an electronic communications…

Cloud Security

Issued by: Security Week

The vulnerability was found by security researcher Imre Rad, who disclosed his findings last week on the Full Disclosure mailing list. Rad found the vulnerability in Extensible Service Proxy (ESP), an open source, Nginx-based proxy that enables API management capabilities for JSON/REST or gRPC API services. Its features include authentication, monitoring and logging. ESP is…