The Internet Systems Consortium (ISC) has released security updates to fix multiple high-severity vulnerabilities in the widely deployed Berkeley Internet Name Domain (BIND) server software.
Software Supply Chain Weakness: Snyk Warns of ‘Deliberate Sabotage’ of NPM Ecosystem
Software supply chain security fears escalated again this week with the discovery of what’s being described as “deliberate sabotage” of code in the open-source npm package manager ecosystem.
NIST Releases ICS Cybersecurity Guidance for Manufacturers
NIST guide provides examples of commercial products that manufacturers can use to address specific security risks
NSA Publishes Best Practices for Improving Network Defenses
The National Security Agency (NSA) this week published a set of best practices for organizations looking to improve the overall security of their networks.
The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks.
Symantec: Super-Stealthy ‘Daxin’ Backdoor Linked to Chinese Threat Actor
Threat hunters at Symantec are calling global attention to a new, highly sophisticated piece of malware being used by a Chinese threat actor to burrow into — and hijack data from — government and critical infrastructure targets.
Astrix Security Nabs $15M to Tackle Attack Surface Sprawl
Israeli startup Astrix Security has banked $15 million in early-stage venture capital investment to build technology to help organizations secure third-party app integrations.
The Tel Aviv-based Astrix said the seed round was led by Bessemer Venture Partners and F2 Capital. Venrock and a list of angel investors also participated.
SecurityWeek to Host 2022 Attack Surface Management Summit Today
Security Leaders Will Walk Away from Virtual Event with New Strategies to Get Ahead of Attackers
European Cybersecurity Agencies Issue Resilience Guidance for Decision Makers
The European Union Agency for Cybersecurity (ENISA) and the European Union’s Computer Emergency Response Team (CERT-EU) last week published a set of best practices to help organizations boost their cyber resilience.
CISA Creates List of Free Cybersecurity Tools and Services for Defenders
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday announced that it has compiled a list of free cybersecurity tools and services that can help organizations reduce risk and improve resilience.
Google Offering $91,000 Rewards for Linux Kernel, GKE Zero-Days
Technology giant Google is offering bigger cash awards for hackers reporting critical security flaws affecting the Linux Kernel, GKE, Kubernetes, and kCTF.