Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. […]
Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks
Zest Security emerged from stealth with $5 million funding and an AI-powered platform that resolves the root source of risk in the cloud.
The post Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks appeared first on SecurityWeek.
Microsoft fixes bug behind Windows 10 Connected Cache delivery issues
Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache (MCC) node discovery on enterprise networks. […]
KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack
American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices. […]
Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech
The new financing brings the total raised by Dazz to $110 million as investors double down on bets in the cloud security remediation space.
The post Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech appeared first on SecurityWeek.
Google Chrome now warns about risky password-protected archives
Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. […]
Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident
Sygnia discovered what it believes to be a variant of the GhostEmperor infection chain leading to the Demodex rootkit – which was first seen and described in 2021.
The post Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident appeared first on SecurityWeek.
CrowdStrike: ‘Content Validator’ bug let faulty update pass checks
CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. […]
Hot topics: Can’t-miss sessions at Mandiant’s 2024 mWISE event
Now that the mWISE 2024 session catalog is out, it’s time to take a closer look at the topics. Learn more from @mWISEConference about the three hottest tracks in this year’s conference. […]
Organizations Warned of Exploited Twilio Authy Vulnerability
CISA warns of the in-the-wild exploitation of CVE-2024-39891, a Twilio Authy bug leading to the disclosure of phone number data.
The post Organizations Warned of Exploited Twilio Authy Vulnerability appeared first on SecurityWeek.