40% of Global ICS Systems Attacked With Malware in 2022
More than 40% of the total number of global industrial control systems (ICS) computers saw some kind of malicious attack during the course of 2022. This volume of cyberattacks against industrial systems was led by growth in Russia, which, as a region, saw a full 9 percentage-point increase in malicious activity in 2022, according to…
Snyk CEO Peter McKay on Making Defense Easier for Developers
The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and acquisitions, says CEO Peter McKay. Snyk has focused on giving clients a 360-degree view of applications by integrating open-source security, container security, infrastructure-as-code security and cloud security together, he says. The company’s buy of…
Will Cybersecurity Remain Recession-Proof in 2023?
We’ve recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count…
F5 Distributed Cloud App Infrastructure Protection detects vulnerabilities in real time
F5 launches F5 Distributed Cloud App Infrastructure Protection (AIP), a cloud workload protection solution that expands application observability and protection to cloud-native infrastructures. Powered by technology acquired with Threat Stack, AIP is the newest addition to the F5 Distributed Cloud Services portfolio of cloud-native SaaS-based application security and delivery services. Organizations of all sizes across…
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks
The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mart of the Web) defenses. “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability…
Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one of the most popular open-source platforms for building developer portals and is in widespread use…
NSA Publishes Guidance on Mitigating Software Memory Safety Issues
Caused by how programs manage or allocate memory, logic errors, incorrect order of operations, or the use of uninitialized variables, software memory safety issues are often exploited for remote code execution (RCE). Representing the most common cause of vulnerabilities in many cases (Microsoft and Google blame memory safety issues for 70% of their bugs), memory…
Wib Launches API Security Platform After Raising $16 Million
The company says its API security platform provides complete visibility and control. Its capabilities include automated inventory and change management, and the platform enables organizations to identify rogue and shadow APIs, and analyze business risk and impact. Wib was founded in August 2021 by serial entrepreneur Gil Don (CEO), Ran Ohayon (CRO) and Tal Steinherz….
Microsoft Scrambles to Thwart New Zero-Day Attacks
For the second consecutive month, the world’s largest software maker rushed out patches to cover vulnerabilities that were already exploited as zero-days in the wild, including a pair of belated fixes for Microsoft Exchange Server security defects targeted by a state-sponsored threat actor for several months. As part of its scheduled Patch Tuesday update process,…
US Gov Issues Supply Chain Security Guidance for Software Suppliers
Created by the Enduring Security Framework (ESF), a cross-sector working group seeking to mitigate the risks threatening the critical infrastructure and national security, the guidance provides recommendations for developers, suppliers, and organizations. In September, the three US agencies released the first part of the series, which included recommendations for developers looking to improve the software…
