The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and acquisitions, says CEO Peter McKay. Snyk has focused on giving clients a 360-degree view of applications by integrating open-source security, container security, infrastructure-as-code security and cloud security together, he says. The company’s buy of…

We’ve recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count…

For the second consecutive month, the world’s largest software maker rushed out patches to cover vulnerabilities that were already exploited as zero-days in the wild, including a pair of belated fixes for Microsoft Exchange Server security defects targeted by a state-sponsored threat actor for several months. As part of its scheduled Patch Tuesday update process,…

The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” Apple said…

The vulnerability, which carries a CVSS severity score of 7.3/10, is documented as a debugging port misconfiguration that is opened by the Zoom client on macOS machines. Details from Zoom’s advisory: Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When…

Referred to as #AttachMe and mentioned in Oracle’s July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim’s Oracle Cloud Identifier (OCID). “OCI customers could have been targeted by an attacker with knowledge of #AttachMe. Any unattached storage volume, or attached storage volumes allowing multi-attachment, could have been…

On July 15, 2022, threat actors working on behalf of the government of Iran launched a destructive attack targeting the Albanian government’s websites and public services, taking them offline. The attack had less than 10% total impact on the customer environment. The campaign consisted of four different stages, with different actors responsible for every one…

The new investment round was led by Pelion Venture Partners, with existing investors Kleiner Perkins and Upfront Ventures also participating. Founded in 2019 by Crowdstrike and Microsoft alums, the Los Angeles-based company emerged from stealth in February 2020 to provide data security tools designed to prevent leaks, breaches, and compliance issues. Open Raven says its…