Google Acquires Siemplify in Ambitious Cybersecurity Push
Financial terms of the transaction were not released but reports out of Israel peg the price tag in the range of $500 million. Google plans to pair Siemplify’s SOAR technology with its own home-built Chronicle security analytics platform to “change the rules on how organizations hunt, detect, and respond to threats,” according to Sunil Potti,…
What to Expect in 2022: Microservices Will Bring Macro Threats
The use of cloud software and services has grown with organizations taking advantage of the opportunity to reduce OPEX and offset support costs by using someone else’s hardware. In tandem, consumption of cloud services has increased with more people working remotely. Criminals have spotted this, and in 2021 we saw a few toe-in-the-water attacks culminating…
Citizen Lab Exposes Cytrox as Vendor Behind ‘Predator’ iPhone Spyware
Citizen Lab teamed up with the threat-intel team at Facebook parent company Meta to expose Cytrox alongside a handful of PSOAs (private sector offensive actors) in the murky surveillance-for-hire industry. In a detailed technical report published late Thursday, Citizen Lab said Cytrox is responsible for a piece of iPhone eavesdropping malware that was planted on…
Microsoft Patches 67 Security Flaws, Including Zero-Day Exploited by Emotet
In the final Patch Tuesday release for 2021, the Redmond, Wash. software giant called special attention to CVE-2021-43890, a spoofing vulnerability in the Microsoft Windows AppX installer and warned that the bug is being exploited in the wild by the Emotet malware operation. “Microsoft is aware of attacks that attempt to exploit this vulnerability by…
Firefox 95 Rolls Out With New ‘RLBox’ Isolation Feature
Dubbed RLBox, the new sandboxing technology has been developed in collaboration with academics at the University of California San Diego and the University of Texas and is meant to complement existing protections by isolating subcomponents. To keep users protected from web attacks, browsers run sites in sandboxed processes, but adversaries attempt to chain flaws to…
Source Code Security Firm Cycode Raises $56 Million
The investment, which brings the total raised by Cycode to $81 million, was led by private equity and venture capital firm Insight Partners, with participation from YL Ventures. The money will be used to fuel sales growth and accelerate product development. CycodeCycode offers a platform designed to address software supply chain security by providing visibility,…
Hardware Security Firm Axiado Banks $25M Investment
The company is building a Trusted Control/Compute Unit (TCU) product that is being positioned as a new class of security processors that provide platform root-of-trust for large enterprise customers. Axiado, which employs approximately 40 in Silicon Valley, said the $25 million Series B investment brings the total raised to $40 million. The round was led…
‘Sabbath’ Ransomware Operators Target Critical Infrastructure
According to a warning from Mandiant, the group previously operated under the names of Arcane and Eruption and was observed last year deploying the ROLLCOAST ransomware. In October 2021, the group created the public naming-and-shaming site 54BB47h (Sabbath), one month after a post was discovered where the malware group announced it was looking for partners…
Application Security Startup Wabbi Raises Over $2 Million in Seed Funding
The funding round was led by Mendoza Ventures, with participation from Cisco Investments and several other companies and angel investors. Wabbi plans on using the money to scale its team. The company offers a continuous security platform designed to help organizations develop secure software. Its capabilities include vulnerability management, policy management and compliance monitoring, and…
FBI: Ransomware Attacks Exploit Financial Business Events
Ransomware actors are known for performing extensive research prior to launching an attack on victims, using publicly available information, along with material non-public data. Should the victim refrain from paying the ransom, the attackers threaten to disclose the gathered information publicly, thus attempting to extort the victim, the FBI warned. “Ransomware actors are targeting companies…
