Cloud security startup Obsidian Security Inc. today announced the release of its latest suite of software-as-a-service security solutions. Obsidian’s three new services, Compliance Posture Management, Integration Risk Management and Extend, enable security and government, risk and compliance teams to increase their SaaS security and compliance posture measurably. Leading the releases, Compliance Posture Management is designed to ...

Elastic N.V. today announced expanded capabilities for Elastic Security, including cloud security posture management for Amazon Web Services, container workload security and cloud vulnerability management. The new releases build on Elastic’s previously released Kubernetes security posture management and Cloud Workload Protection Platform capabilities to deliver what the company claims to be the only security analytics ...

A new comprehensive toolset for harvesting credentials across multiple cloud services providers has been spotted in the wild being distributed on Telegram. Detailed today by researchers at SentinelLabs, the “AlienFox” toolset is described as a cloud spammer’s “Swiss Army knife” thanks to its ability to attack multiple services in numerous ways. Attackers use AlienFox to ...

Zero-trust content security startup Votiro Cybersec Ltd. today announced that it has raised $11.5 million in new funding to accelerate its marketing and sales reach in North America and to advance its data detection and analytics services. Founded in 2010, Votiro offers file security and safety through enhanced data detection and analytics capabilities. The company says ...

Cloud cybersecurity startup Orca Security Ltd. today detailed the discovery of a previously unknown vulnerability in Microsoft Corp.’s Azure that allowed hackers to undertake remote code execution. Dubbed “Super FabriXss,” the vulnerability was demonstrated at BlueHat IL 2023, showing how they could escalate a reflected cross-site scripting vulnerability in Azure Service Fabric Explorer. The demonstration showed how ...

Cloud forensics and incident response platform startup Cado Security Ltd. today announced the availability of a new security service catering to application programming interfaces for large language models. Called Masked-AI, the open-source library enables the safe use of LLM APIs such as OpenAI LP’s GPT-4 without sending out sensitive information. Available as a download from the GitHub ...

A new report today from phishing protection company SlashNext Inc. finds that a majority of employees have sensitive work information on personal devices as “bring your own device” behavior continues to surge in popularity. The 2023 Mobile BYOD Intelligence Report surveyed individuals about the use of personal devices for work-related tasks, how employers balance corporate security and ...

Software-as-a-service bot protection startup DataDome SAS today announced that it has raised $42 million in new funding to support its mission to rid the web of bot-driven cyberattacks and fraud. Founded in 2014, DataDome is a bot protection startup that uses artificial intelligence and machine learning to detect and block advanced bot attacks in real time. The company’s ...

Google LLC’s Threat Analysis Group today revealed the details of two recently discovered campaigns that use various unpatched or “zero-day” exploits against Android, iOS and Chrome. The first campaign was discovered in November and targeted victims through bit.ly links sent to users over SMS text messages in Italy, Malaysia and Kazakhstan. When clicked, the malicious links ...

Microsoft Corp.’s security platform Defender, which comes installed as standard with Windows, is having a bad day today, with users reporting that the service is tagging sites such as Google and Zoom as being malicious. When it works properly, Defender is meant to stop users from visiting malicious sites, but it goes without saying that ...