Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.
CrowdStrike: Ransomware Actor Caught Exploiting Mitel VOIP Zero-Day
US, UK, New Zealand Issue PowerShell Security Guidance
The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Cyber Security Centres in New Zealand (NZ NCSC) and the United Kingdom (NCSC-UK) have issued joint guidance on the proper configuration and monitoring of PowerShell to eliminate the risk of abuse.
Security Orchestration: Beware of the Hidden Financial Costs
Among the many improvements in cybersecurity technology and tools we’ve seen over the last few years, one of the most significant has been the inclusion of security automation and orchestration capabilities in solution categories beyond SOAR platforms. SIEM providers acquired stand-alone SOAR platforms, and endpoint detection and response (EDR) solutions broadened to include automation and orchestration capabilities to accelerate threat detection and response.
Top Cryptographers Flag ‘Devastating’ Flaws in MEGA Cloud Storage
Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that the issues could lead to “devastating attacks on the confidentiality and integrity of user data in the MEGA cloud.”
Aqua Security Ships Open-Source Tool for Auditing Software Supply Chain
Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark.
RevealSecurity Raises $23M for Application Detection and Response
RevealSecurity, an Israeli data security startup building technology to thwart malicious insider threats, on Tuesday announced the closing of a $23 million funding round led by SYN Ventures.
In addition to SYN Ventures, Hanaco Ventures, SilverTech Ventures and World Trade Ventures also joined as RevealSecurity investors.
Hybrid Networks Require an Integrated On-prem and Cloud Security Strategy
Today’s dynamic networks change so fast that traditional point security solutions fail to keep up
‘MaliBot’ Android Malware Steals Financial, Personal Information
Researchers at F5 Labs have nabbed a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices.
Volexity Blames ‘DriftingCloud’ APT For Sophos Firewall Zero-Day
Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.
Jit Banks Massive $38.5 Million Seed Round Funding
Jit, an Israeli startup promising technology to help developers simplify security when deploying cloud apps, has banked an eye-opening $38.5 million in seed-stage funding.
The funding round was Boldstart Ventures. Venture capital outfit Insight Partners and Tiger Global Management also invested.