Cisco Systems Inc. is warning customers of its IOS XE devices of a critical vulnerability that has no patch and is actively being exploited in the wild. The vulnerability, tracked as CVE-2023-20198, has been given the highest possible Common Vulnerabilities and Exposure score of 10 and is found in all Cisco IOS XE devices that have the ...

The Open Source Security Foundation today launched its Malicious Packages Repository, an open-source system for collecting and publishing cross-ecosystem reports of malicious packages. Claimed to be the first open-source system of its type, the repository was created in response to the rising number of attacks that include malicious open-source packages. Malicious packages, in terms of ...

Cloud data protection startup Nightfall AI today announced a new partnership with cybersecurity company Snyk Ltd. to provide developers with artificial intelligence-powered secrets scanning capabilities. Secrets, in terms of what Nightfall scans for, are passwords, application programming interface keys, token and database credentials used by applications to validate users’ identities, ensure secure communications and provide access to privileged ...

Enterprise identity protection and cyber resilience startup Semperis Ltd. today announced the expansion of Forest Druid, its community-driven attack path management tool, to include support for Microsoft Entra ID, the service previously known as Azure AD. The additional support, coming after the company added support for Okta Inc. to its Purple Knight tool in August, is designed ...

In commemoration of the 20th anniversary of Cybersecurity Awareness Month, Google LLC today introduced various updates and initiatives to enhance cybersecurity and ensure user-friendly online experiences. Cybersecurity Awareness Month was created in 2004 as a collaborative effort between the U.S. government and industry to ensure users have the resources they need to stay safer and ...

Simpson Manufacturing Co. Inc., an engineering firm and building material provider in the U.S., has been struck by a cyberattack that caused disruptions in its information technology infrastructure and applications. The disclosure was made in a filing with the Securities and Exchange Commission, with the company saying that after becoming aware of the malicious activity, ...

The U.S. Securities and Exchange Commission has opened an investigation into the MOVEit vulnerability that has been used to compromise and steal data from thousands of companies and organizations as a Michigan-based bank has become the latest victim. MOVEit is managed file transfer software offered by Progress Software Corp. that is designed to provide secure and ...

A new report released today by cybersecurity firm Critical Start Inc. has found that two-thirds of organizations have experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. The biannual Critical Start Cyber Threat Intelligence Report, which leverages research from the company’s Cyber Threat Intelligence team, highlights top cyber threats from ...

Australian Web3 gaming company Immutable Pty. Ltd. has announced today that it’s working with Amazon Web Services Inc. to develop a number of infrastructure and go-to-market initiatives designed to accelerate the onboarding of game studios to Web3 and drive digital ownership of in-game items. Web3-based gaming, in terms of what Immutable offers, is the use of blockchain ...

Data security platform startup Veza Inc. today announced the launch of its new identity governance and administration solution with a promise to deliver next-generation identity security for enterprises. Called Next-Gen IGA, the new solution comprises the Veza Access Control Platform and new products for provisioning and de-provisioning, access reviews, access visibility and access intelligence. The new IGA ...