Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities
Called kCTF, the program was launched in 2020 to provide security researchers with the means to report vulnerabilities in the Google Kubernetes Engine (GKE), for which they receive a flag. “All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability….
60% of IT leaders are not confident about their secure cloud access
60% of IT and security leaders are not confident in their organization’s ability to ensure secure cloud access, even as adoption continues to grow across a diverse range of cloud environments, according to research from the Ponemon Institute. The Global Study on Zero Trust Security for the Cloud surveyed nearly 1,500 IT decision makers and…
Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Snowflake this week launched a new Cybersecurity workload that helps cybersecurity teams to better protect their enterprises using its platform and an extensive ecosystem of partners delivering security capabilities with connected applications, cybersecurity teams can quickly gain visibility and automation at cloud-scale. “With Snowflake’s Data Cloud, cybersecurity teams can break down data silos to enable…
Microsoft Finds Major Security Flaws in Pre-Installed Android Apps
According to an advisory released Friday by the Microsoft 365 Defender Research Team, a total of four documented vulnerabilities were found – and fixed – in a mobile framework owned by mce Systems, an Israeli company that provides software to mobile carriers. “Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could…
devOcean Emerges From Stealth With Cloud-Native Security Operations Platform
The Israel-based startup was founded in 2021 by former CyberArk GMs of security research and innovation, Doron Naim and Gil Makmel, who now serve as CEO and CTO, respectively. At the moment, the company has 15 employees. devOcean says its Security-as-a-Service (SaaS) platform collects insights from all cloud and security tools to provide information on…
YL Ventures Closes $400 Million Cybersecurity Investment Fund
YL Ventures, an active venture capital firm that focuses on early-stage cybersecurity startups, has closed a new $400 million fund and announced plans to ramp up investments in Israel’s security technology sector. The Tel Aviv-based firm, which counts red-hot companies like Axonius and Orca Security among its portfolio, said the closing of its fifth fund…
Microsoft Azure Vulnerability Allowed Code Execution, Data Theft
Tracked as CVE-20220-29972, the security hole was identified in the third-party Open Database Connectivity (ODBC) data connector used in Integration Runtime (IR) in the affected Azure services to connect to Amazon Redshift. A remote attacker could have exploited the flaw to execute arbitrary commands across the IR infrastructure, impacting multiple tenants, the tech giant explains….
How Advances in Cloud Security Can Help with Ransomware
The ransomware scourge continues, with incidents hitting a U.S. record in the second quarter of 2021, as attackers expand into vertical industries and target critical infrastructure. Ransom demands have also been growing. According to IT Governance, the average decryption key rate from attackers is $140,000 yet many organizations end up paying much more than that….
Why SOC 2 Compliance Is a Matter of (Zero) Trust
SaaS solutions are now so entwined in business users’ daily routines that they seem to meld into one experience — or simply put, “the way I work.” Yet the reality is there are many disparate cloud applications in play across a typical enterprise — 364 on average – which means a lot of complexity and…
Ransomware, Malware-as-a-Service Dominate Threat Landscape
Red Canary’s 2022 Threat Detection Report (PDF) analyzed more than 30,000 confirmed threats across the firm’s customer base. The report notes that ransomware criminals have responded to improving target company backups by introducing sensitive data exfiltration and the threat of exposure (double extortion). “Backups will allow an organization to get back up and running more…
