Cybersecurity Funding
2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem
Hi, what are you looking for?
SecurityWeek
Malware & Threats
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
Malware & Threats
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
Nation-State
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
Cyberwarfare
As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...
Application Security
Identity and access management solutions provider Okta this week informed customers that some of the company’s source code was stolen recently from its GitHub...
Government
Companies have announced securing billions of dollars in cybersecurity-related contracts with the United States government in 2022.
Supply Chain Security
Researchers discovered that the Passwordstate enterprise password manager made by Australian company Click Studios is affected by serious vulnerabilities that could allow an unauthenticated...
Cybercrime
Security researchers with ReversingLabs warn of a new supply chain attack using a malicious PyPI module that poses as a software development kit (SDK)...
Risk Management
The U.S. Department of Commerce is adding 36 Chinese high-tech companies, including makers of aviation equipment, chemicals and computer chips, to an export controls...
Application Security
Microsoft-owned code hosting platform GitHub this week announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for...
Application Security
Google introduces OSV-Scanner, a free vulnerability scanner for open source developers building on its open source vulnerability database.
Cybercrime
Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers.
Endpoint Security
Mordechai Guri, a cybersecurity researcher from the Ben-Gurion University of the Negev in Israel who specializes in air gap jumping, has released a paper...
Malware & Threats
An Iran-linked advanced persistent threat (APT) actor named Agrius is using a new wiper in attacks targeting entities in South Africa, Israel and Hong...
Application Security
The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into...
Cloud Security
Researchers at firmware and hardware security company Eclypsium have identified several potentially serious vulnerabilities in baseboard management controller (BMC) firmware made by AMI (American...
Cloud Security
IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks.
Supply Chain Security
Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution.Available since 2019,...
ICS/OT
Forescout Technologies has disclosed the details of three new vulnerabilities identified by its researchers in operational technology (OT) products from Festo and Codesys.
Mobile & Wireless
US authorities announced a ban Friday on the import or sale of communications equipment deemed "an unacceptable risk to national security" -- including gear...
Supply Chain Security
A cross-tenant vulnerability in Amazon Web Services (AWS) could have allowed attackers to abuse AWS AppSync to gain access to resources in an organization’s...
Cyberwarfare
Microsoft is warning organizations about the risks associated with the discontinued Boa web server after vulnerabilities affecting the software were apparently exploited by threat...
Compliance
Last month, CISA released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control...
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
In a rapidly changing AI environment, CISOs are worried about investing in the wrong solution or simply not investing because they can’t decide what the best option is.
(Marc Solomon)
Adopting a layered defense strategy that includes human-centric tools and updating security components.
(Stu Sjouwerman)
A strong AI deployment starts with asking the right questions, mapping your risks, and thinking like an adversary — before it’s too late.
(Matt Honea)
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.
(Etay Maor)
Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher.
(Joshua Goldfarb)