Three U.S. government agencies — Cybersecurity and Information Security Agency (CISA), the National Security Agency (NSA) and the Office of the Director of National Intelligence (ODNI) — have announced the release of the first part of a three-part joint guidance on securing the software supply chain.
Huntress Scores $40M Funding, Plans International Expansion
Managed detection and response (MDR) platform provider Huntress on Thursday announced the closing of a $40 million debt financing round to speed up global expansion plans.
The latest funding was led by CIBC Innovation Banking and brings the total raised by the Maryland start-up to $100 million.
Rapid7 Flags Multiple Flaws in Sigma Spectrum Infusion Pumps
Security researchers at Rapid7 are warning about multiple security vulnerabilities impacting Baxter’s Sigma Spectrum infusion pumps, including issues that could lead to the leakage of credentials.
In an advisory published Thursday, Rapid7 called attention to five vulnerabilities found in Sigma Spectrum infusion pumps and the Sigma WiFi batteries.
Cybersecurity M&A Roundup: 41 Deals Announced in August 2022
Zyxel Patches Critical Vulnerability in NAS Firmware
Networking solutions provider Zyxel has released patches for a critical-severity vulnerability impacting the firmware of multiple network attached storage (NAS) device models.
Atlassian Ships Urgent Patch for Critical Bitbucket Vulnerability
Atlassian’s security response team has issued an urgent advisory to warn of a critical command injection flaw in its Bitbucket Server and Data Center product.
The vulnerability carries a CVSS severity score of 9.9 out of 10 and can be exploited remotely to launch code execution attacks, Atlassian said.
LastPass Says Source Code Stolen in Data Breach
Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information.
Plex Confirms Database Breach, Data Theft
Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
Privilege Escalation Flaw Haunts VMware Tools
Virtualization technology software giant VMware on Tuesday released patches to fix an important-severity security flaw in the VMware Tools suite of utilities.
The vulnerability, tracked as CVE-2022-31676, could be exploited by attackers to escalate privileges on a compromised system.
Ethernet LEDs Can Be Used to Exfiltrate Data From Air-Gapped Systems
A researcher from the Ben-Gurion University of the Negev in Israel has published a paper describing a method that can be used to silently exfiltrate data from air-gapped systems using the LEDs of various types of networked devices.



