application security Archives - Page 9 of 15

UK-Based API Security Firm 42Crunch Raises $17 Million

Issued by: Security Week

42Crunch provides an application programming interface (API) ‘micro firewall’. APIs are a serious and growing threat vector. In 2019, Gartner stated, “By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.” Its proposed solution was, “Use a Combination of API Management and Web…

Software Security

Diplomatic Entities Targeted with New ‘Moriya’ Windows Rootkit

Issued by: Security Week

Dubbed Moriya, the rootkit provides the threat actor with the ability to intercept network traffic and hide commands sent to the infected machines, thus allowing the attackers to stay hidden within the compromised networks for months. The rootkit is part of the toolkit used by TunnelSnake, an unknown actor that deploys backdoors onto public servers…

Application Security, Cloud Security

DevSecOps Company Sysdig Raises $188 Million at $1.19 Billion Valuation

Issued by: Security Week

The latest funding round, which brings the total raised by the company to $394 million, was led by Premji Invest & Associates and Third Point Ventures, with participation from Accel, Bain Capital Ventures, DFJ Growth, Glynn Capital, Goldman Sachs, Insight Partners, and Next47. The money will be used by the company to improve its products,…

Application Security

Adobe Releases Open Source Anomaly Detection Tool “OSAS”

Issued by: Security Week

Building on previous research, white papers, and other projects from Adobe’s Security Intelligence Team, OSAS out-of-the-box allows researchers to experiment with datasets, control data processing and feature combining, and help identify a solution for detecting security threats. The new open-source project tackles the issue of data sparsity, which may appear when using machine learning (ML)…

Vulnerabilities

Vulnerability in CocoaPods Dependency Manager Exposed Millions of Apps

Issued by: Security Week

A dependency manager for Swift and Objective-C Cocoa projects, CocoaPods has more than 82,000 libraries and is being used in over 3 million applications. The tool is built using Ruby and can be used with the default Ruby on macOS. The identified vulnerability, Justicz explains, resides in a function designed to check that, when a…

Cloud Security

Druva Raises $147 Million at $2 Billion Valuation

Issued by: Security Week

The funding round was led by investment group Caisse de dépôt et placement du Québec (CDPQ), with participation from Neuberger Berman, Viking Global Investors and Atreides Management. The money will be used to continue the company’s expansion. Druva has developed a cloud-nacybersecuritytive platform that helps organizations protect data across cloud environments, endpoint devices, SaaS applications…

Application Security

SaaS Security Company Grip Security Emerges From Stealth

Issued by: Security Week

Grip Security has developed a platform that is designed to help organizations discover, monitor and secure their SaaS applications, regardless of where they are located and what types of devices they are running on. The company claims its platform is easy to deploy, it doesn’t impact performance, and it can be used either on its…

Vulnerabilities

Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy

Issued by: Security Week

Project Zero has announced three major changes to its vulnerability disclosure policy in 2021, compared to 2020. Until now, if Project Zero researchers found a security hole in a product, it was disclosed after exactly 90 days, regardless of when a patch was released or whether a patch was available at all. The impacted vendor…

Malware & Threats

Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration

Issued by: Security Week

With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption and adversaries didn’t wait long to start abusing these tools. According to Cisco’s Talos researchers, the past year has shown a significant increase in the abuse of such platforms as part of malicious…

Vulnerabilities

Pwn2Own 2021 Participants Earn Over $1.2 Million for Their Exploits

Issued by: Security Week

Over the course of three days, participants made 23 attempts, targeting Safari, Chrome, Edge, Windows 10, Ubuntu, Microsoft Teams, Zoom, Parallels, Oracle VirtualBox, and Microsoft Exchange. Oracle VirtualBox was only targeted by one team and their attempt failed. The other products were all hacked by at least one team. Results from Pwn2Own 2021The highest rewards…