A massive automated ransomware campaign is targeting VMware ESXi hypervisors worldwide, warns CERT-FR, the French government's computer emergency readiness team that's part of the National Cybersecurity Agency of France. VMware is advising customers to patch affected servers and scan for malware.
Proofpoint has focused on preventing cyberattacks, but customers have increasingly asked for help with blocking lateral movement from compromised identities, says CEO Ashan Willy. Acquiring Illusive in December will help Proofpoint block identity attack paths when a user is compromised.
The cloud security landscape has long been fragmented, and different vendors attempt to separately address containers, serverless and vulnerabilities, says Wiz CEO Assaf Rappaport. Consolidating detection, vulnerability and misconfiguration data in a single place reduces the noise for clients.
Criminals lately have been prioritizing two types of attacks: exploiting Remote Desktop Protocol and penetrating cloud databases. So warns cyber insurer Coalition, based on analyzing in-the-wild attacks seen in 2022 via underwriting and claims data, scans of IP addresses and honeypots.
Another day, another crypto hack: A hacker on Wednesday exploited a smart contract vulnerability on a decentralized platform to steal cryptocurrency. The attacker got away with either $120 million or $1 million, depending on whom you ask. It's complicated.
A Scottish school system decided not to use facial recognition in its secondary school cafeterias after international outcry. The U.K. Information Commissioner's Office said Tuesday that the North Ayrshire Council failed to obtain freely given consent for the system.
Organizations have struggled to understand why APIs are so strategic even though they're an intrinsic way businesses interface with their software, according to Checkmarx CEO Emmanuel Benzaquen. He says API abuse is slated to become one of the most common types of web application data breaches.
Splunk has infused its SIEM with user behavior analytics and threat intelligence to better identify anomalies and understand what's going on in a customer's environment, says CEO Gary Steele. Adding UEBA to the SIEM makes it easier for organizations to identify, detect and remediate anomalies.
Lacework has debuted an attack path analysis tool to help organizations understand the havoc specific threats could wreak within their cloud infrastructure, says CEO Jay Parikh. The company helps customers prioritize which risk elements inside their infrastructure should be addressed first.
North Korean hackers stole $1.7 billion in cryptocurrency during 2022, most of it from decentralized finance platforms, Chainalysis finds. North Korean hackers are "systematic and sophisticated" in hacking and laundering stolen funds, and the nation supports cryptocurrency-enabled crime.
U.S. federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.
Trellix will debut a console that offers endpoint, security operations and data protection capabilities and a plug-in for network detection and response. The company has moved FireEye's best-in-class detection engines to the cloud for NDR and examined how to address areas such as packet capture.
Juniper Networks has debuted security service edge capabilities that help clients consistently apply zero trust policies in the cloud regardless of the user or device. Juniper takes the policies customers already use within their network and converts them to cloud-delivered policies with one click.
The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and M&A, says CEO Peter McKay. Snyk has focused on bringing open-source security, container security, infrastructure- as-code security and cloud security together.
The Identity Theft Resource Center's 2022 Annual Data Breach Report reveals a near-record number of compromises - the second-highest number in 17 years. ITRC COO James Lee worries that a sudden lack of transparency in breach notices is creating more risk for consumers.