It’s officially a venture capital funding frenzy in the software supply chain security space.
Endor Labs Joins Race to Secure Software Supply Chain
German Cybersecurity Chief to be Sacked Over Alleged Russia Ties: Sources
Germany is planning to fire Arne Schoenbohm, the head of the BSI national cyber security agency, after reports he had contacts with Russian intelligence services, government sources told AFP on Monday.
The interior ministry said it is “taking reports seriously” and “investigating them comprehensively”.
Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up
A San Francisco jury on Wednesday found former Uber security chief Joe Sullivan guilty of covering up a 2016 data breach and concealing information on a felony from law enforcement.
KKR Boosts NetSPI Stake with $410 Million Investment
Private equity giant KKR is expanding its big bet on penetration testing and attack surface management firm NetSPI with a new $410 million investment round.
US Government Details Tools Used by APTs in Defense Organization Attack
The NSA, FBI and CISA have issued an alert describing the tools and techniques used by advanced persistent threat (APT) actors in an attack aimed at an unnamed defense industrial base organization in the United States.
Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed
A mitigation proposed by Microsoft and others for the new Exchange Server zero-day vulnerabilities named ProxyNotShell can be easily bypassed, researchers warn.
The security holes, officially tracked as CVE-2022-41040 and CVE-2022-41082, can allow an attacker to remotely execute arbitrary code with elevated privileges.
Supply Chain Attack Targets Customer Engagement Firm Comm100
CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.
Microsoft Links Exploitation of Exchange Zero-Days to State-Sponsored Hacker Group
Microsoft has been investigating the attacks exploiting the new Exchange Server zero-day vulnerabilities and believes that a single state-sponsored threat group has been using them in highly targeted attacks.
What’s Going on With Cybersecurity VC Investments?
Microsoft Confirms Exploitation of Two Exchange Server Zero-Days
Microsoft has confirmed that it’s aware of two Exchange Server zero-day vulnerabilities that have been exploited in targeted attacks. The tech giant is working on patches.
