Delinea Acquires Authomize to Tackle Identity-Based Threats
Financial teams of the acquisition were not released but published reports out of Israel peg the price tag as “several tens of millions of dollars.” The private equity-owned Delinea, formed in April 2012 through the merger of Centrify and Thycotic, said the deal extends its reach into the lucrative identity category and adds technology to…
Apple Ships iOS 17.2 With Urgent Security Patches
The newest iOS 17.2 and iPadOS 17.2 contains fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes. According to an advisory from Cupertino’s security response team, the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution…
Security Pros Warn That EU’s Vulnerability Disclosure Rule Is Risky
The European Union (EU) may soon require software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of an exploitation. Many IT security professionals want this new rule, set out in Article 11 of the EU’s Cyber Resilience Act (CRA), to be reconsidered. The rule requires vendors to disclose that they know about…
Credentials Hard-Coded in Cisco Emergency Location Tracker
Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers’ location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder tracking and routing software, opening up a permanent backdoor for potential unauthenticated attackers. At some point in the development cycle, static user credentials for…
ASPM Is Good, But It’s Not a Cure-All for App Security
Application security posture management (ASPM) is a method of managing and improving the security of software applications. It encompasses the processes, tools, and practices designed to identify, classify, and mitigate security vulnerabilities across an application’s life cycle. It includes scanning for vulnerabilities, tracking identified vulnerabilities, managing patch processes, and implementing continuous monitoring and improvement procedures….
Every Application Journey Needs a Cybersecurity Platform
The desire for digital acceleration has led organizations to drive toward delivering faster and better application experiences and to bring applications and data closer to users and devices. Many organizations realize that application journeys are fluid in practice because applications can live anywhere from data centers to hybrid and multi-clouds to edge compute. The reason…
Cisco Flags Critical SD-WAN Vulnerability
A critical security vulnerability in Cisco’s SD-WAN vManage software could allow a remote, unauthenticated attacker to gain read and limited write permissions, and access data. The bug carries a score of 9.1 out of 10 on the CVSS vulnerability-severity scale, and it exists in the vManage API, which is used to monitor and configure Cisco…
Zimbra Zero-Day Demands Urgent Manual Update
Teams running the Zimbra Collaboration Suite version 8.8.15 are urged to apply a manual fix against a recently discovered zero-day vulnerability that’s being actively exploited in the wild. The Zimbra cloud suite offers email, calendar functions, and other enterprise collaboration tools. The vulnerability compromises the security of data on Zimbra servers, the company said in…
OX Security Launches OX-GPT, AppSec’s First ChatGPT Integration
OX Security, a leader in software supply chain security, today announced the launch of OX-GPT, the first ChatGPT integration to improve software supply chain security. With the new integration, OX now presents developers with customized fix recommendations and cut and paste code fixes, providing for quick remediation of critical security issues across the software supply…
40% of Global ICS Systems Attacked With Malware in 2022
More than 40% of the total number of global industrial control systems (ICS) computers saw some kind of malicious attack during the course of 2022. This volume of cyberattacks against industrial systems was led by growth in Russia, which, as a region, saw a full 9 percentage-point increase in malicious activity in 2022, according to…
