Cymulate, a late-stage Israeli startup in the breach and attack simulation space, has closed a $70 million Series D funding round led by existing investor One Peak.
Zyxel Patches Critical Vulnerability in NAS Firmware
Networking solutions provider Zyxel has released patches for a critical-severity vulnerability impacting the firmware of multiple network attached storage (NAS) device models.
Hardcoded AWS Credentials in 1,800 Mobile Apps Highlight Supply Chain Issues
Symantec has discovered hardcoded AWS credentials in more than 1,800 mobile applications and warned of the potential risks associated with poor security practices.
While Symantec’s threat hunting team has looked at both Android and iOS apps, nearly all of the applications containing hardcoded credentials were developed for iOS.
Academics Devise Open Source Tool For Hunting Node.js Security Flaws
A group of academic researchers have designed an open source Node.js bug hunting tool that has already identified 180 security vulnerabilities.
Google Launches Bug Bounty Program for Open Source Projects
Google today introduced a new bug bounty program to reward security researchers who discover and report vulnerabilities in the company’s open source projects.
As part of the new Open Source Software Vulnerability Rewards Program (OSS VRP), Google is offering bug bounty payouts of up to $31,337. The lowest vulnerability reward will be $100.
Atlassian Ships Urgent Patch for Critical Bitbucket Vulnerability
Atlassian’s security response team has issued an urgent advisory to warn of a critical command injection flaw in its Bitbucket Server and Data Center product.
The vulnerability carries a CVSS severity score of 9.9 out of 10 and can be exploited remotely to launch code execution attacks, Atlassian said.
LastPass Says Source Code Stolen in Data Breach
Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information.
BalkanID Adds $2.3M to Seed Funding Round
BalkanID, a Texas startup building technology in the Identity Governance and Administration (IGA) space, has added $2.3 million to its seed financing round, bringing the total raised to $8.1 million.
Google Open Sources ‘Paranoid’ Crypto Testing Library
Google has officially announced the open sourcing of ‘Paranoid’, a project for identifying well-known weaknesses in cryptographic artifacts.
Plex Confirms Database Breach, Data Theft
Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
