Security – SiliconANGLE

Nightfall AI and Snyk partner to provide AI-powered secrets scanning to developers

Duncan Riley — Thu, 12 Oct 2023 15:00:39 +0000

Cloud data protection startup Nightfall AI today announced a new partnership with cybersecurity company Snyk Ltd. to provide developers with artificial intelligence-powered secrets scanning capabilities. Secrets, in terms of what Nightfall scans for, are passwords, application programming interface keys, token and database credentials used by applications to validate users’ identities, ensure secure communications and provide access to privileged […]

The post Nightfall AI and Snyk partner to provide AI-powered secrets scanning to developers appeared first on SiliconANGLE.

Semperis adds Microsoft Entra ID support to its attack path management tool

Duncan Riley — Thu, 12 Oct 2023 12:00:33 +0000

Enterprise identity protection and cyber resilience startup Semperis Ltd. today announced the expansion of Forest Druid, its community-driven attack path management tool, to include support for Microsoft Entra ID, the service previously known as Azure AD. The additional support, coming after the company added support for Okta Inc. to its Purple Knight tool in August, is designed […]

The post Semperis adds Microsoft Entra ID support to its attack path management tool appeared first on SiliconANGLE.

Google issues new cybersecurity updates and initiatives

Duncan Riley — Thu, 12 Oct 2023 12:00:24 +0000

In commemoration of the 20th anniversary of Cybersecurity Awareness Month, Google LLC today introduced various updates and initiatives to enhance cybersecurity and ensure user-friendly online experiences. Cybersecurity Awareness Month was created in 2004 as a collaborative effort between the U.S. government and industry to ensure users have the resources they need to stay safer and […]

The post Google issues new cybersecurity updates and initiatives appeared first on SiliconANGLE.

Building materials provider Simpson Manufacturing struck by cyberattack

Duncan Riley — Wed, 11 Oct 2023 23:54:24 +0000

Simpson Manufacturing Co. Inc., an engineering firm and building material provider in the U.S., has been struck by a cyberattack that caused disruptions in its information technology infrastructure and applications. The disclosure was made in a filing with the Securities and Exchange Commission, with the company saying that after becoming aware of the malicious activity, […]

The post Building materials provider Simpson Manufacturing struck by cyberattack appeared first on SiliconANGLE.

As Michigan bank becomes latest victim, SEC opens probe into MOVEit vulnerability

Duncan Riley — Wed, 11 Oct 2023 23:27:02 +0000

The U.S. Securities and Exchange Commission has opened an investigation into the MOVEit vulnerability that has been used to compromise and steal data from thousands of companies and organizations as a Michigan-based bank has become the latest victim. MOVEit is managed file transfer software offered by Progress Software Corp. that is designed to provide secure and […]

The post As Michigan bank becomes latest victim, SEC opens probe into MOVEit vulnerability appeared first on SiliconANGLE.

Microsoft says China-linked hacking group targeting Confluence deployments

Maria Deutscher — Wed, 11 Oct 2023 17:55:36 +0000

Microsoft Corp. has determined that a China-linked hacking group is targeting deployments of Atlassian Corp. Plc’s Confluence collaboration software. Microsoft detailed the hacking campaign in a late Tuesday post on X, the social network previously known as Twitter. Atlassian confirmed the findings in a security advisory on its website. The hacking campaign is exploiting a […]

The post Microsoft says China-linked hacking group targeting Confluence deployments appeared first on SiliconANGLE.

New Magecart malware concealment tactics, hiding inside web status page

David Strom — Wed, 11 Oct 2023 14:34:13 +0000

The malware group behind Magecart continues to be on the cutting edge of hiding in plain sight. A report this week from Roman Lvovsky, an Israeli security researcher at Akamai Technology, demonstrates three obfuscation techniques that have been recently spotted by their telemetry. Magecart has been operating for years infecting various e-commerce websites, most notably […]

The post New Magecart malware concealment tactics, hiding inside web status page appeared first on SiliconANGLE.

Report finds two-thirds of organizations have experienced a breach in last two years

Duncan Riley — Wed, 11 Oct 2023 13:00:37 +0000

A new report released today by cybersecurity firm Critical Start Inc. has found that two-thirds of organizations have experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. The biannual Critical Start Cyber Threat Intelligence Report, which leverages research from the company’s Cyber Threat Intelligence team, highlights top cyber threats from […]

The post Report finds two-thirds of organizations have experienced a breach in last two years appeared first on SiliconANGLE.

Arctic Wolf acquires venture-backed cybersecurity provider Revelstoke

Maria Deutscher — Tue, 10 Oct 2023 21:35:21 +0000

Arctic Wolf Networks Inc. today announced that it has acquired Revelstoke Security Inc., a cybersecurity startup backed by $38 million in funding. The terms of the deal were not disclosed. Arctic Wolf is a major provider of managed cybersecurity services that has raised more than $600 million in equity and debt financing from investors. The […]

The post Arctic Wolf acquires venture-backed cybersecurity provider Revelstoke appeared first on SiliconANGLE.

Distributed denial-of-service attacks are growing bigger and more lethal

David Strom — Tue, 10 Oct 2023 15:59:09 +0000

A sad and scary new record was set this past week, with the latest and biggest distributed denial-of-service attack. The network security provider Cloudflare Inc. posted on its blog today that it had observed and repelled the attack in August. The previous volumetric record was set in February, the August attack was three times as much. […]

The post Distributed denial-of-service attacks are growing bigger and more lethal appeared first on SiliconANGLE.

Veza unveils new identity governance and administration solution to bolster security

Duncan Riley — Tue, 10 Oct 2023 13:00:33 +0000

Data security platform startup Veza Inc. today announced the launch of its new identity governance and administration solution with a promise to deliver next-generation identity security for enterprises. Called Next-Gen IGA, the new solution comprises the Veza Access Control Platform and new products for provisioning and de-provisioning, access reviews, access visibility and access intelligence. The new IGA […]

The post Veza unveils new identity governance and administration solution to bolster security appeared first on SiliconANGLE.

Security governance startup Gutsy launches with $51M in funding

Duncan Riley — Tue, 10 Oct 2023 13:00:11 +0000

Security governance startup Gutsy.io Inc. today launched with $51 million in funding and a product that’s claimed to revolutionize security governance with process mining. Founded by cybersecurity veterans and serial entrepreneurs Ben Bernstein, Dima Stopel and John Morello, Gutsy’s solution applies process mining, a data-driven approach to process analysis and improvement, to cybersecurity for what it […]

The post Security governance startup Gutsy launches with $51M in funding appeared first on SiliconANGLE.

Google to start prompting users to set up passkeys by default

Duncan Riley — Tue, 10 Oct 2023 12:00:39 +0000

A year after first making passkeys available for developers in Android and on Chrome, Google LCC announced today that it’s now giving all users the ability to set up their own passkeys by default. Passkeys are a type of authentication credential that allows users to log in to sites and services without having to enter […]

The post Google to start prompting users to set up passkeys by default appeared first on SiliconANGLE.

New Fortanix features help address growing data sovereignty requirements

Duncan Riley — Tue, 10 Oct 2023 07:00:23 +0000

Intel Corp.-backed multicloud security firm Fortanix Inc. today announced new capabilities for its Data Security Manager that help public and private organizations address growing data sovereignty requirements globally. The new and existing features in Fortanix DSM deliver several key capabilities. They include support for sovereign cloud, key storage in sovereign boundaries, anonymization of private data, and centralized control […]

The post New Fortanix features help address growing data sovereignty requirements appeared first on SiliconANGLE.

On theCUBE Pod: Whether or not to pay ransoms and diving into the Flexport drama

Ryan Stevens — Mon, 09 Oct 2023 18:52:10 +0000

On the past two editions of theCUBE Podcast, industry analysts John Furrier and Dave Vellante have discussed the ransomware attack that crippled services at MGM Resorts International Inc., and it turns out the details reported were correct. What’s coming out now are the details of the damage done. The Wall Street Journal reported Thursday that MGM Resorts […]

The post On theCUBE Pod: Whether or not to pay ransoms and diving into the Flexport drama appeared first on SiliconANGLE.

The Predator Files describe another nefarious global spyware campaign

David Strom — Mon, 09 Oct 2023 16:40:35 +0000

A group of journalists and researchers today released evidence of a massive campaign to spy on numerous political leaders across the globe. Called “The Predator Files,” the project covers the use of potent spyware that targeted more than 50 social media accounts in 10 countries beginning in February. It documents the reports from dozens of […]

The post The Predator Files describe another nefarious global spyware campaign appeared first on SiliconANGLE.

ClearDATA to add SaaS option for its health data security and compliance platform

Duncan Riley — Mon, 09 Oct 2023 13:00:15 +0000

Healthcare data security and compliance company ClearDATA Inc. announced today that its healthcare-native cloud security posture management CyberHealth Platform will soon be available as a software-as-a-service offering and that it’s expanding its services and support options for all customers. The ClearDATA CyberHealth Platform is designed to ensure security, compliance and privacy in the healthcare sector. The platform […]

The post ClearDATA to add SaaS option for its health data security and compliance platform appeared first on SiliconANGLE.

DNA profiles stolen from 23andMe advertised for sale on BreachForums

Duncan Riley — Sun, 08 Oct 2023 23:33:33 +0000

A hacker on the infamous hacking site BreachForums is advertising DNA profiles stolen in a credential-stuffing attack on genetic testing company 23andMe Holding Co. for sale. The listing, by a user named “Golem,” offers “DNA profiles of millions, ranging from the world’s top business magnates to dynasties often whispered about in conspiracy theories,” suggesting Ashkenazi […]

The post DNA profiles stolen from 23andMe advertised for sale on BreachForums appeared first on SiliconANGLE.

Report: MGM Resorts refused to pay hackers following ransomware attack

Maria Deutscher — Fri, 06 Oct 2023 20:11:01 +0000

MGM Resorts International Inc. reportedly refused to pay a ransom that hackers demanded following a cyberattack against its properties last month. The Wall Street Journal reported the decision late Thursday. The same day, MGM Resorts submitted a regulatory filing that revealed new details about the breach. The company disclosed that the hackers stole some customers’ […]

The post Report: MGM Resorts refused to pay hackers following ransomware attack appeared first on SiliconANGLE.

Prolific malware and botnet operator Qakbot still operating despite FBI takedown

Duncan Riley — Thu, 05 Oct 2023 23:02:36 +0000

A little over a month since a multinational task force headed by the U.S. Federal Bureau of Investigation and Dutch police claimed to have taken down prolific malware and botnet operator Qakbot, the threat actors behind Qakbot are back, but in a surprising twist, it appears they never went away to begin with. The return of […]

The post Prolific malware and botnet operator Qakbot still operating despite FBI takedown appeared first on SiliconANGLE.

Veeam gets into the backup-as-a-service game for Microsoft 365 and Microsoft Azure

Zeus Kerravala — Thu, 05 Oct 2023 17:55:25 +0000

Veeam Software Inc. Wednesday announced a couple of new offerings in the backup-as-a-service market: Cirrus by Veeam for Microsoft 365 and Microsoft Azure. I had a chance to get a pre-briefing with Veeam Chief Technology Officer Danny Allan and asked him what was behind this move. He said it’s primarily about giving customers the flexibility […]

The post Veeam gets into the backup-as-a-service game for Microsoft 365 and Microsoft Azure appeared first on SiliconANGLE.

Red Cross aims to make civilian wartime hacking more humanitarian

David Strom — Thu, 05 Oct 2023 16:58:40 +0000

The role of civilian hackers during warfare continues to expand, and now at least one group is trying to set up some rules of engagement. But whether the proposal from the International Committee of the Red Cross announced Wednesday will gain any traction and make these attempts more humane is anyone’s guess. Civilian hackers have participated […]

The post Red Cross aims to make civilian wartime hacking more humanitarian appeared first on SiliconANGLE.

‘Looney Tunables’ Linux vulnerability could allow threat actors to run malicious code

Duncan Riley — Thu, 05 Oct 2023 01:22:59 +0000

A newly discovered high-severity Linux vulnerability that has been present on many Linux distributions for at least two years could allow threat actors to run malicious code with elevated privileges. Discovered by researchers at the Qualys Threat Research Unit, the vulnerability has been dubbed “Looney Tunables” in reference to the GLIBC_TUNABLES environment variable involved in […]

The post ‘Looney Tunables’ Linux vulnerability could allow threat actors to run malicious code appeared first on SiliconANGLE.

BlackBerry to split in two, take IoT business public next year

Duncan Riley — Thu, 05 Oct 2023 00:39:04 +0000

BlackBerry Ltd. announced today that it plans to split its business into two — one company for its cybersecurity business and another for its internet of things business, which it aims to take public in an initial public offering next year. The decision to split its existing business came after a review of its portfolio […]

The post BlackBerry to split in two, take IoT business public next year appeared first on SiliconANGLE.

Cloud incident response company Mitiga adds Cisco as an investor

Duncan Riley — Thu, 05 Oct 2023 00:00:52 +0000

Cloud incident response company Mitiga Security Inc. today announced that Cisco Investments, the investment arm of Cisco Systems Inc., has made a strategic investment in the company to support greater market adoption among enterprises seeking modern security solutions for their cloud and software-as-a-service environments. Founded in 2019, Mitiga offers a cloud and SaaS incident platform called IR2 […]

The post Cloud incident response company Mitiga adds Cisco as an investor appeared first on SiliconANGLE.

Navigating the intersection of AI and cybersecurity: One CISO’s strategies for a resilient future

Chad Wilson — Wed, 04 Oct 2023 14:54:27 +0000

The promise of artificial intelligence casts a spotlight on the potential for transformative business change in the evolving landscape of technology. Beneath this luminous optimism, however, lurk shadows of concern, fear and uncertainty surrounding security, privacy and governance. At this week’s “Possible 2023” event, theCUBE spoke with experts on the current state of cybersecurity, AI […]

The post Navigating the intersection of AI and cybersecurity: One CISO’s strategies for a resilient future appeared first on SiliconANGLE.

AWS will require multifactor authentication for Management Console access starting mid-2024

Duncan Riley — Wed, 04 Oct 2023 00:01:59 +0000

Amazon Web Services Inc. customers will be required to use multifactor authentication to log into their AWS Management Console starting i mid-2024 in a move designed to strengthen the security posture of AWS. The announcement today was made by Steve Schmidt, vice president of security engineering and chief security officer at Amazon, who explained in a post […]

The post AWS will require multifactor authentication for Management Console access starting mid-2024 appeared first on SiliconANGLE.

Google’s new requirements for bulk email senders aimed at keeping Gmail spam-free

Duncan Riley — Tue, 03 Oct 2023 15:00:43 +0000

Google LLC today announced that it’s introducing new requirements for bulk email senders with an aim to help keep Gmail safe, user-friendly and spam-free. The new requirements, set to be introduced by February 2024, are designed to tackle spam and malicious emails. In a blog post, Neil Kumaran, group product manager of Gmail security and trust, […]

The post Google’s new requirements for bulk email senders aimed at keeping Gmail spam-free appeared first on SiliconANGLE.

Cohesity expands Data Security Alliance with new data security posture management vendors

Duncan Riley — Tue, 03 Oct 2023 13:00:27 +0000

Data management provider Cohesity Inc. today announced an expansion to its Data Security Alliance ecosystem with the addition of leading data security posture management vendors to identify and locate previously unknown data repositories and mitigate associated security and privacy risks. Cohesity launched the Data Security Alliance in November. The initial members of the alliance included a long […]

The post Cohesity expands Data Security Alliance with new data security posture management vendors appeared first on SiliconANGLE.

New Stack Identity service provides daily reports on shadow access risks

Duncan Riley — Tue, 03 Oct 2023 11:00:36 +0000

Identity security platform startup Stack Identity Inc. today announced Shadow Access Risk Assessment Freemium, a free service that provides users with a daily report of shadow access risks in their environment. Shadow access risk — the risk posed by unauthorized access to information technology resources and systems when employees use unauthorized devices, applications, or credentials to […]

The post New Stack Identity service provides daily reports on shadow access risks appeared first on SiliconANGLE.