Duncan Riley

Duncan Riley is a senior writer at SiliconANGLE covering Startups, Bitcoin, and the Internet of Things. Duncan is a co-founder of VC funded media company B5Media and founder of news site The Inquisitr, and was a senior writer at TechCrunch in its earlier days. Tips? Press releases? Intersting startup? email: duncan@nichenet.com.au or contact Duncan on Twitter @duncanriley

Latest from Duncan Riley

ServiceNow instances found vulnerable to misconfiguration and leaking data

New research released today by software-as-a-service security management startup AppOmni Inc. details how ServiceNow Inc. instances are vulnerable to misconfiguration. The issue relates to data leaking through improper customer access control list or ACL configurations, with nearly 70% of tested instances having the problem. That ACL is causing the problem is notable because although SaaS product ...

New Palo Alto Networks security offering combats supply chain threats

Network security specialist Palo Alto Networks Inc. today announced a new security offering to combat supply chain threats. The new Prisma Cloud Supply Chain Security provides a complete view of where potential vulnerabilities or misconfigurations exist in an organization’s software supply chain. In doing so, it allows users to trace them to the source quickly and fix them. ...

Microsoft patches critical Exchange Server vulnerability in Patch Tuesday release

Microsoft Corp. today released a fix for a critical vulnerability in Exchange Server as part of its monthly Patch Tuesday release. The Exchange Server vulnerability addressed was officially named CVE-2022-23277. Microsoft stated in an advisory that by using the critical vulnerability, an attacker could attempt to trigger malicious code in the context of the server’s account ...

Tech vendor coalition formed to provide technology and financial support to Ukraine

Domain name system threat protection firm DNSFilter Inc. has formed a new group to provide technology and financial support to Ukraine. The Ukraine Strong Tech Vendor Coalition is inviting technology vendors to provide public support to Ukraine. Those joining the coalition are asked to make a significant cash contribution to charitable organizations helping Ukraine with ...

Chinese hacking groups target US and European governments

Three separate Chinese state-sponsored advanced persistent threat groups have been observed targeting victims, including U.S. state governments, European diplomatic entities and Gmail accounts linked to the U.S. government. The first group, APT41, also known as Wicked Panda and Winti, is believed by researchers at Mandiant Inc. to have successfully compromised at least six U.S. state government ...

APC Smart-UPS vulnerabilities expose millions of businesses to hacking

Researchers at cybersecurity firm Armis Inc. today said they have uncovered three critical vulnerabilities in APC Smart-UPS that could allow attackers to manipulate the power of millions of enterprises. APS, a division of Schneider Electric, is one of the leading vendors of uninterruptible power supply devices, with more than 20 million units sold worldwide. The devices ...

‘Dirty Pipe’ Linux vulnerability allows an attacker to overwrite data

A newly revealed vulnerability in the Linux kernel allows an attacker to overwrite data in arbitrary read-only files. Detailed today by security researcher Max Kellermann and dubbed “Dirty Pipe,” the vulnerability leads to privilege escalation, since unprivileged processes can inject code into root processes. The vulnerability, officially named CVE-2022-0847, affects Linux Kernel 5.8 and later versions, ...

Source code stolen in Samsung data breach

Samsung Electronics Co. Ltd. today confirmed that it has suffered a data breach in which confidential information was stolen, including the source code for its Galaxy smartphones. The theft occurred late last week. The Lapsus$ ransomware gang took the credit. Lapsus$ is the same hacking group that was behind the theft of data from Nvidia ...

Cloudflare, CrowdStrike and Ping Identity to provide free cybersecurity to vulnerable industries

Cloudflare Inc., CrowdStrike Holdings Inc. and Ping Identity Corp. today are teaming up to form the Critical Infrastructure Defense Project, a project that will provide free cybersecurity services to vulnerable industries. The project is designed to enhance defenses against critical areas of enterprise risk. Under the project, eligible organizations will have access to the full suite of ...

Autonomous vehicle startup Pony.ai raises new funding on $8.5B valuation

Self-driving car technology startup Pony.ai late Sunday said it has raised new funding on a valuation of $8.5 billion, a significant increase in valuation from its last round in February 2021. The amount raised in the Series D round and who participated in the funding were not disclosed. The funding comes after Pony.ai scrapped plans ...