Amazon Web Services (AWS) is hosting its re:Inforce 2022 conference these days and the cloud giant has taken the opportunity to unveil several enhancements to its security offerings.
Security, privacy, compliance and identity
Updated TSA Pipeline Cybersecurity Requirements Offer More Flexibility
The Transportation Security Administration (TSA) has updated its directive for oil and natural gas pipeline cybersecurity, providing owners and operators more flexibility in achieving the outlined goals.
Anvilogic Scores $25 Million Series B to Tackle SOC Modernization
Anvilogic, a Silicon Valley startup working on technology to modernize the Security Operations Center (SOC), has deposited $25 million in a new investment round led by Outpost Ventures.
Apple Ships Urgent Security Patches for macOS, iOS
It’s a very busy Patch Wednesday for computer users running Apple’s flagship macOS and iOS devices.
Apple’s security response team has pushed out software fixes for at least 39 software vulnerabilities haunting the macOS Catalina, iOS and iPadOS platforms.
Huntress Acquires Security Awareness Training Startup Curricula for $22M
Managed detection and response (MDR) platform provider Huntress has shelled out $22 million to acquire Curricula, a startup in the growing security awareness business.
Huntress, based in Ellicott City, Maryland, said the deal adds a fun, story-based security awareness training platform to its stable of cybersecurity offerings.
Critical Infrastructure Operators Implementing Zero Trust in OT Environments
A survey commissioned by cybersecurity company Xage shows that zero trust is on track to being implemented in many operational technology (OT) environments, particularly in critical infrastructure organizations.
Microsoft Releases Open Source Toolkit for Generating SBOMs
Software giant Microsoft has open-sourced its internal tool for generating SBOMs (software bill of materials) as part of a move to help organizations be more transparent about supply chain relationships between components used when building a software product.
Microsoft Patch Tuesday: 84 Windows Vulns, Including Already-Exploited Zero-Day
Microsoft has issued an urgent Patch Tuesday bulletin to warn of in-the-wild zero-day exploitation of a privilege escalation flaw in the Windows operating system.
OpenSSL Patches Remote Code Execution Vulnerability
OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks.
The vulnerability, tracked as CVE-2022-2274, was introduced in OpenSSL 3.0.4 and could potentially allow malicious hackers to launch remote code attacks on unpatched SSL/TLS server side devices.
Researchers Flag ‘Significant Escalation’ in Software Supply Chain Attacks
Security researchers at ReversingLabs are warning of a “significant escalation in software supply chain attacks” after discovering more than two dozen malicious NPM packages siphoning user data from mobile and desktop applications.
