Push Security, a British startup building technology to help defenders manage cloud software sprawl and shadow IT, has banked $4 million in early-stage venture capital funding.
Push Security Banks $4 Million Seed Funding
Huntress Acquires Security Awareness Training Startup Curricula for $22M
Managed detection and response (MDR) platform provider Huntress has shelled out $22 million to acquire Curricula, a startup in the growing security awareness business.
Huntress, based in Ellicott City, Maryland, said the deal adds a fun, story-based security awareness training platform to its stable of cybersecurity offerings.
Moussouris: U.S. Should Resist Urge to Match China Vuln Reporting Mandate
A prominent cybersecurity executive is calling on the U.S. government to resist the urge to match China’s reported mandates around early vulnerability disclosure, warning that such a move would “meaningfully and dramatically increase the risk” of zero-day flaws landing in the wrong hands.
Supply Chain Attack Technique Spoofs GitHub Commit Metadata
Security researchers at Checkmarx are warning of a new supply chain attack technique that relies on spoofed commit metadata to add legitimacy to malicious GitHub repositories.
Microsoft Releases Open Source Toolkit for Generating SBOMs
Software giant Microsoft has open-sourced its internal tool for generating SBOMs (software bill of materials) as part of a move to help organizations be more transparent about supply chain relationships between components used when building a software product.
Microsoft Patch Tuesday: 84 Windows Vulns, Including Already-Exploited Zero-Day
Microsoft has issued an urgent Patch Tuesday bulletin to warn of in-the-wild zero-day exploitation of a privilege escalation flaw in the Windows operating system.
Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop
Software maker Adobe has rolled out a major security update for its flagship Acrobat and Reader products to fix at least 22 documented vulnerabilities, some serious enough to cause arbitrary code execution attacks.
Microsoft Makes Windows Autopatch Generally Available
Just ahead of the July 2022 Patch Tuesday, Microsoft has announced the general availability of Windows Autopatch, a new capability that allows enterprises to automate the rollout of Windows and other updates.
Free Decryptors Released for AstraLocker Ransomware
Cybersecurity firm Emsisoft has released free decryptor tools for AstraLocker, a “smash-and-grab” ransomware family that was recently retired.
OpenSSL Patches Remote Code Execution Vulnerability
OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks.
The vulnerability, tracked as CVE-2022-2274, was introduced in OpenSSL 3.0.4 and could potentially allow malicious hackers to launch remote code attacks on unpatched SSL/TLS server side devices.
