The team of entrepreneurs that created and sold Twistlock to Palo Alto are peeling the wraps off a brand new cybersecurity upstart focused on redefining security governance. The new venture, called Gutsy, burst onto the scene Tuesday with a whopping $51 million in seed-stage financing and ambitious plans to apply process mining techniques to solve ..
Tag : Audits
The North Atlantic Treaty Organization (NATO) is looking for penetration testing vendors to assess the security posture of its internet-facing web assets. A notice posted by the US Department of Commerce (DOC) last week shows that the NATO International Military Staff (IMS) plans to launch an invitation for International Competitive Bidding (ICB) in this regard. ..
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns. The CVE-2022-24086 bug (CVSS score of 9.8) is described as an improper input validation bug in the checkout process. It could ..
Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise. Tesla, in tandem with Pwn2Own organizers Zero Day Initiative, is offering a $600,000 cash prize to any hacker capable of writing exploits that pivot through multiple systems in ..
A new Android banking trojan has been found, targeting international banks from the United Kingdom and Italy (including in the U.S.) and five different cryptocurrency services. Twenty-two instances have been discovered, but more are expected. The malware, first detected at the end of October 2021, appears to be new and still being developed. It was ..
Fears of software supply chain attacks escalated again this week with a new warning from Microsoft that it has caught Iranian threat actors breaking into IT services shops in India and Israel and using that access to hit the real targets. Two of Redmond’s premier threat hunting units — the Microsoft Threat Intelligence Center (MSTIC) ..
Video messaging technology giant Zoom has shipped patches for high-severity vulnerabilities that expose enterprise users to remote code execution and command injection attacks. The company released multiple security bulletins to warn of the risks and called special attention to a pair of “high-risk” bugs affecting its on-prem meeting connector software and the popular Keybase Client. ..
United States Vice President Kamala Harris on Wednesday formally announced support for the Paris Call for Trust and Security in Cyberspace, an international collaborative initiative aimed at advancing cybersecurity. Issued in 2018, the Paris Call details nine principles to improve stability in cyberspace through global collaboration, and has already been signed by 79 countries. The ..
A major security vulnerability in the WP Reset PRO WordPress plugin could be exploited by an authenticated user to wipe the entire database of a website, according to a warning from researchers at Patchstack (formerly WebARX). The issue can be exploited by any authenticated user, regardless of their authorization, to wipe all tables in a ..
Enterprise networking giant Cisco has released patches for multiple vulnerabilities across its product portfolio, including critical security defects in Catalyst Passive Optical Network (PON) series switches and the Policy Suite product. The most severe of these issues are CVE-2021-34795 and CVE-2021-40113 (CVSS 10.0), two flaws in Catalyst PON switches that could be exploited to log ..