Attack surface management specialists Cyberpion has secured $27 million in early-stage funding to build technology that helps organizations manage exposure to risk.
Chrome Browser Gets Major Security Update
Google this week released a security-themed Chrome browser makeover with patches 28 documented vulnerabilities, some serious enough to lead to code execution attacks.
The new browser refresh is now rolling out to Windows, Mac and Linux users as Chrome 100.0.4896.60.
Cloaked Snags $25M Funding to Tackle Data-Sharing Privacy
A Boston startup has raised $25 million in early-stage funding to tackle the erosion of privacy in today’s data sharing ecosystems.
The startup, called Cloaked, said the Series A investment was co-led by Lux Capital and Human Capital and will be used to exit beta and drive growth in a competitive marketplace.
Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks
Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of “hundreds of malicious packages” into the NPM ecosystem.
Estonian Ransomware Operator Sentenced to Prison in US
An Estonian man was sentenced to 66 months in prison in the United States for his role in ransomware attacks that caused more than $53 million in losses.
The cybercriminal, Maksim Berezan, who was arrested in Latvia and later extradited to the United States, pleaded guilty in April 2021 to conspiracy to commit wire fraud and device fraud.
Critical Remote Code Execution Vulnerability in Sophos Firewall
Sophos on Friday announced the rollout of urgent patches for a critical authentication bypass vulnerability in the web portal of its Sophos Firewall product.
Reported by an external researcher via the Sophos bug bounty program, the vulnerability is tracked as CVE-2022-1040 and impacts Sophos Firewall v18.5 MR3 (18.5.3) and older releases.
Chinese Hackers Seen Targeting Ukraine Post-Invasion
A known threat actor has launched what appears to be the first Chinese hacking attempts targeting Ukraine digital assets since the Russian invasion a month ago.
MixMode Banks $45 Million in Series B Funding
Cyberattacks detection technology provider MixMode has announced the closing of a $45 million Series B funding round led by PSG, with participation from Entrada Ventures.
Ransomware, Malware-as-a-Service Dominate Threat Landscape
Ransomware continues to expand with double-extortion now the standard; the malware-as-a-service model is now common; and criminals are increasingly ‘living off the land’, according to data from Red Canary.
‘Secrets Sprawl’ Haunts Software Supply Chain Security
A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of valuable corporate secrets — API keys, usernames and passwords, and security certificates — publicly exposed in corporate repositories.