Software engineers tracking the quality of software bills of materials (SBOMs) have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government. According to new data from software supply chain security startup Chainguard, SBOMs being generated by existing tools fail to meet the minimum ..
Tag: NEWS&INDUSTRY
Social media giant Meta has been fined an additional 5.5 million euros ($5.9 million) for violating EU data protection regulations with its instant messaging platform WhatsApp, Ireland’s regulator announced Thursday. The penalty follows a far larger 390-million-euro fine for Meta’s Instagram and Facebook platforms two weeks ago after they were found to have flouted the ..
B2B payment security provider NsKnox this week announced that it has raised $17 million in a new funding round that brings the total raised by the company to $35.6 million. The new investment round was led by new investors Link Ventures and Harel Insurance and Finance, with participation from previous investors Microsoft’s M12 and Viola ..
There is a problem with API security – it isn’t working very well, and it’s largely down to credential leakage. Most security professionals are confident in their own API credential management; but at the same time, most of the same professionals admit to having experienced a breach effected through compromised API credentials. In a survey ..
Cisco on Wednesday announced patches for a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME). Designed as enterprise call and session management platforms, Cisco Unified CM and Unified CM SME ensure the interoperability of applications such as Webex, Jabber, and more, while also maintaining availability ..
The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami on Wednesday, along with five associates in Europe, during an international operation against “darknet” markets. Anatoly Legkodymov, 40, a Russian living in Shenzhen, China, appeared in handcuffs and leg shackles in a Miami courtroom on money laundering charges, and was denied bail by a ..
A cross-site request forgery (CSRF) vulnerability impacting the source control management (SCM) service Kudu could be exploited to achieve remote code execution (RCE) in multiple Azure services, cloud infrastructure security firm Ermetic has discovered. A web-based Git repository manager, Kudu is the engine behind several Azure App Service features, supporting the deployment and management of ..
Sophos has confirmed reports that it’s laying off employees. The company joins several other major cybersecurity companies that have announced cutting staff over the past year. The first reports of layoffs at Sophos came from India. The company confirmed to TechCrunch that 10% of its global employee base is impacted. While an exact number has ..
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns. The CVE-2022-24086 bug (CVSS score of 9.8) is described as an improper input validation bug in the checkout process. It could ..
Fortinet warns of three new malicious PyPI packages containing code designed to fetch the Wacatac trojan and information stealer as a next stage payload. The three Python packages, ‘colorslib’, ‘httpslib’ and ‘libhttps’ were uploaded to PyPI (Python Package Index) on January 7 and January 12. All three packages were published by the same author from ..