“[The] community is defined by those who show up and do the work. Companies that build open source into their products rarely participate in their continued maintenance,” the ASF said in a position paper published ahead of a high-level White House meeting on open-source software security. “Only a tiny percentage of downstream companies (reusing the…

The European Data Protection Supervisor said Monday that Europol was notified of the order on Jan. 3 following an inquiry that started in 2019. As part of the investigation, the EDPS said it reprimanded Europol two years ago “for the continued storage of large volumes” of such data, “which poses a risk to individuals’ fundamental…

The warning comes almost exactly one month after the first disclosure of a Log4j remote code execution vulnerability that threatens major damage across the internet and heightens the urgency for enterprise defenders to find and fix the issue. According to an advisory from NHS Digital, attackers are exploiting the critical vulnerability in the Apache Tomcat…

In light of recent incidents that impacted both information technology (IT) and operational technology (OT) environments, organizations are increasingly evaluating the risks associated with growing IT/OT convergence. IT environments include cloud computing, internal and outsourced Internet applications, and business and technical systems used across the organization, such as for e-commerce, human resources, and engineering. OT…

Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). What is interesting among…

Launched to the public in 2013, iProov helps customers verify customer identity and protect against spoof attacks from photos, videos, masks, and even deepfakes. Used for onboarding and authentication, iProov says customers including the U.S. Department of Homeland Security, the UK Home Office, the UK National Health Service (NHS), the Australian Taxation Office, GovTech Singapore,…

Are cybersecurity jobs a profession or a vocation? When we consider the current workforce shortage in cybersecurity, our existing assumptions about the nature of cybersecurity jobs may be exacerbating the shortfall. For this reason, we may need to consider new ways of thinking about jobs within the cybersecurity field and the appropriate institutional structures that…

With this transaction, Somerville, Mass.-based Recorded Future gets a direct entry into the competitive continuous Attack Surface Management (ASM) business and new technology to help organizations with real-time visibility into networks and servers exposed to malicious actors. The $65 million deal comes less than a year after Recorded Future announced an early-stage investment in SecurityTrails…

Tracked as CVE-2021-22045 (CVSS score of 7.7), the security vulnerability exists in the CD-ROM device emulation function of Workstation, Fusion and ESXi. In an advisory, VMware said the security defect could be exploited by attackers with access to a virtual machine that has CD-ROM device emulation enabled. An attacker capable of combining the security error…

Financial terms of the transaction were not released but reports out of Israel peg the price tag in the range of $500 million. Google plans to pair Siemplify’s SOAR technology with its own home-built Chronicle security analytics platform to “change the rules on how organizations hunt, detect, and respond to threats,” according to Sunil Potti,…