LAS VEGAS – BLACK HAT USA 2022 – An analysis conducted by two researchers has revealed that some commercial cybersecurity products rely on algorithms that have been taken from other security tools without authorization.
How Bot and Fraud Mitigation Can Work Together to Reduce Risk
Onions are great for analogies, as are buckets full of stuff from the beach. In this piece, I’d like to take a look at how both of these analogies can help us understand how bot and fraud mitigation can work together to help enterprises both improve their security postures and lower their fraud losses.
Microsoft Publishes Office Symbols to Improve Bug Hunting
Microsoft Office has started publishing Office symbols for Windows in an effort to help bug hunters find and report security issues.
Symbols are pieces of information used during debugging and are contained within symbol files, which the compiler creates during the application build.
Twilio Hacked After Employees Tricked Into Giving Up Login Credentials
Enterprise software vendor Twilio (NYSE: TWLO) has been hacked by a relentless threat actor who successfully tricked employees into giving up login credentials that were then used to steal third-party customer data.
Ghost Security Snags $15M Investment for API Security Tech
Texas startup Ghost Security has joined the list of early-stage companies in the API and application security space attracting venture capital funding.
The Austin-based company emerged from stealth this week with $15 million in investments from 468 Capital, DNX Ventures, and Munich Re Ventures.
Slack Forces Password Resets After Discovering Software Flaw
Workplace productivity software giant Slack on Friday forced password resets for a tiny fraction of its users after the discovery of a security flaw that exposed Slack credentials.
Slack’s security response team alerted users to the issue via email and followed up with a blog post warning about the risk of passwords leaking to a skilled attacker.
Compliance Automation Startup RegScale Scores $20 Million Investment
RegScale, a Virginia startup building technology to manage continuous compliance automation tasks, has attracted $20 million in early-stage venture capital funding.
The Series A round was led by SYN Ventures with participation from SineWave Ventures, VIPC’s Virginia Venture Partners and SecureOctane.
Robinhood Crypto Penalized $30M for Violating NY Cybersecurity Regulations
VMware Ships Urgent Patch for Authentication Bypass Security Hole
Virtualization technology giant VMware on Tuesday shipped an urgent, high-priority patch to address an authentication bypass vulnerability in its Workspace ONE Access, Identity Manager and vRealize Automation products.
Go-Based Apps Vulnerable to Attacks Due to URL Parsing Issue
Israeli cloud-native application security testing firm Oxeye discovered that the way URL parsing is implemented in some Go-based applications creates vulnerabilities that could allow threat actors to conduct unauthorized actions.



