Search results for: software

open source

Open source skills continue to be in high demand

80% of organizations increased their use of open source software over the last 12 months, according to Perforce Software and the Open Source Initiative. Four out of five companies rely on OSS for a wide range of business-critical applications including data and database management, containers and container orchestration, and DevOps and SDLC tooling. The report reveals, however, that some obstacles persist. In every technology category surveyed, organizations repeatedly cited lack of personnel with expertise as … More

security platform

Cloud Range for Critical Infrastructure improves operational efficiency of security teams

Cloud Range has introduced Cloud Range for Critical Infrastructure—the live-fire simulation training specifically designed to proactively train and prepare incident responders (IR) and security operations (SOC) teams in operational technology (OT) and information technology (IT) environments to defend against cyber attacks to critical infrastructure. The digital convergence of OT and IT in critical infrastructure sectors has increased the focus of cyber attacks against OT and industrial control system (ICS) environments. This has accelerated the need … More

security platform

Ermetic extends its CNAPP with cloud workload protection capabilities

Ermetic has extended its Cloud Native Application Protection Platform (CNAPP) with cloud workload protection capabilities that enable customers to detect, prevent and remediate security risks in virtual machines, containers and serverless functions. Using context that spans infrastructure configurations, network, access entitlements and other settings, Ermetic identifies and prioritizes threats on AWS, GCP and Microsoft Azure that require immediate attention. This full stack approach automates cloud workload protection against breaches, while allowing organizations to satisfy compliance … More

Appointments

Prove Identity hires Amanda Fennell as CISO and CIO

Prove Identity appointed Amanda Fennell as the company’s Chief Information Security Officer (CISO) and Chief Information Officer (CIO). Fennell, who most recently served as the CISO & CIO at Relativity, brings over twenty years of security industry experience to the role, having spent the past several years working in digital forensics and cybersecurity at companies such as Symantec, Dell SecureWorks, Zurich Insurance Group, Booz Allen Hamilton, and Guidance Software. “We are excited to welcome Amanda … More

Ubuntu

Ubuntu Pro: Comprehensive subscription for open-source software security

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available. Ubuntu Pro helps teams get timely CVE patches, harden their systems at scale and remain compliant with regimes such as FedRAMP, HIPAA and PCI-DSS. The subscription expands Canonical’s ten-year security coverage and optional technical support to an additional 23,000 packages beyond the main operating system. It is ideal for organisations who are looking to improve their security posture, not just … More

Attackers use portable executables of remote management software to great effect

Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially motivated attackers. No organization is spared, not even agencies of the US federal civilian executive branch – as the Cybersecurity and Infrastructure Security Agency (CISA) warned on Wednesday. Attackers’ modus operandi: “In October 2022, CISA identified a widespread cyber campaign involving the malicious use of legitimate RMM software. Specifically, cyber criminal actors sent … More

open source security

How businesses can bolster their cybersecurity defenses with open source

Open-source software enables better security for both large and small organizations. It is the foundation of today’s society and is found throughout a modern application stack, from the operating system to networking functions. It’s estimated that around 90% of organizations use open source in some way, according to GitHub’s 2022 Octoverse report. Open-source software can be examined by everyone, both attackers and defenders. But this does not necessarily give attackers the upper hand. Rather, it … More

Appointments

Barry Mainz joins Forescout as CEO

Forescout Technologies has announced that Barry Mainz will join the company as CEO, effective immediately. Barry Mainz brings more than 25 years of experience in executive leadership across infrastructure software and cybersecurity companies. Mainz has served as CEO and member of the Board of Directors for MobileIron and also led Wind River Systems, a division of Intel, as President during important years of growth. Additionally, Mainz has held leadership roles, as well as advisory and … More

key

GoTo now says customers’ backups have also been stolen

GoTo (formerly LogMeIn) confirmed on Monday that attackers have stolen customers’ encrypted backups from a third-party cloud storage service related to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere offerings. However, the attackers have also managed to grab an encryption key for a portion of the encrypted backups. What happened? In early December, LastPass and its affiliate GoTo made public a security incident involving the third-party cloud storage service both companies use, as well as … More

code

Trained developers get rid of more vulnerabilities than code scanning tools

An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security for over 60% of organizations that adopted it. Researchers also found that as many as 70% of organizations are missing critical security steps in their software development lifecycle (SDLC), highlighting a struggle with a ‘shift-left’ … More

week in review

Week in review: Critical git vulnerabilities, increasingly malicious Google Search ads

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Cacti servers under attack by attackers exploiting CVE-2022-46169
If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw (CVE-2022-46169).

CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie
The attackers who pulled off the recent breach … More

Acquisitions

Exterro acquires Zapproved to address critical business challenges

Exterro’s acquisition of Zapproved is the latest step in furthering Exterro’s vision to empower customers to proactively and defensibly manage their legal governance, risk and compliance obligations. It also represents another strategic milestone for Exterro in its partnership with Leeds Equity Partners, which originally acquired the business in 2018 and completed a recapitalization in 2022. Upon closing of the acquisition of Zapproved, Vista Equity Partners (“Vista”) will maintain a minority stake in the combined company. … More