Will Cybersecurity Remain Recession-Proof in 2023?
We’ve recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count…
PurpleUrchin Gang Embraces DevOps in Massive Cloud Malware Campaign
More information has become available on “PurpleUrchin,” a malicious campaign in which a threat group called Automated Libra is using DevOps and continuous integration/continuous deployment (CI/CD) practices to mine cryptocurrency on cloud platforms using free trial accounts. The campaign began in August 2019 and has mainly targeted platforms such as GitHub, Heroku, and ToggleBox. Security…
Oracle Cloud Infrastructure Vulnerability Exposed Sensitive Data
Referred to as #AttachMe and mentioned in Oracle’s July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim’s Oracle Cloud Identifier (OCID). “OCI customers could have been targeted by an attacker with knowledge of #AttachMe. Any unattached storage volume, or attached storage volumes allowing multi-attachment, could have been…
Cloud Data Security Startup Theom Emerges From Stealth With $16 Million in Funding
The investment was led by Ridge Ventures and Microsoft’s M12 venture fund, and it will help the company expand its cloud data security solution. Founded by former executives from Google, Cisco and Yahoo, Theom has developed a product designed to help organizations secure data in the cloud and SaaS data stores. The company’s platform inventories…
Data Security Company Open Raven Raises $20 Million
The new investment round was led by Pelion Venture Partners, with existing investors Kleiner Perkins and Upfront Ventures also participating. Founded in 2019 by Crowdstrike and Microsoft alums, the Los Angeles-based company emerged from stealth in February 2020 to provide data security tools designed to prevent leaks, breaches, and compliance issues. Open Raven says its…
AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data
Thousands of customer-facing Android and iOS mobile apps — including banking apps — have been found to contain hardcoded Amazon Web Services (AWS) credentials that would allow cyberattackers to steal sensitive information from corporate clouds. Symantec researchers uncovered 1,859 business apps that use hardcoded AWS credentials, specifically access tokens. Of these, three-quarters (77%) contain valid…
Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities
Called kCTF, the program was launched in 2020 to provide security researchers with the means to report vulnerabilities in the Google Kubernetes Engine (GKE), for which they receive a flag. “All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability….
Data Security Firm Sotero Raises $8 Million in Seed Funding
The round was led by OurCrowd, with participation from existing investors Boston Seed Capital, Gutbrain Ventures, and PBJ Capital. Founded in 2017, the Burlington, MA-based Sotero provides a data-focused security platform that allows for the centralized management of data instances, applications, and security point solutions. Sotero’s cloud-native, zero trust solution provides auditability, visibility, governance, and…
60% of IT leaders are not confident about their secure cloud access
60% of IT and security leaders are not confident in their organization’s ability to ensure secure cloud access, even as adoption continues to grow across a diverse range of cloud environments, according to research from the Ponemon Institute. The Global Study on Zero Trust Security for the Cloud surveyed nearly 1,500 IT decision makers and…
API Security Losses Total Billions, But It’s Complicated
US companies face a combined $12 billion to $23 billion in losses in 2022 from compromises linked to Web application programming interfaces (APIs), which have proliferated with the increased adoption of cloud services and DevOps-style development methodologies, according to an analysis of breach data. In the last decade, API security has grown to become a…
