Duncan Riley
Latest from Duncan Riley
1Password increases top bug bounty to a Bugcrowd record high $1M
Password management software provider 1Password today announced it has increased its top bug bounty reward to $1 million, the highest bounty in the history of the crowdsourced security platform Bugcrowd Inc. The new reward program is designed to build on a long history of successful bug bounty programs and 1Password’s commitment to providing an industry-leading security ...
Enterprise automation platform startup Jiffy.ai raises $53M for sales and marketing
Enterprise automation platform startup Jiffy.ai today said it has raised $53 million in new funding to scale its sales and marketing efforts and to develop its HyperApp platform further. Eight Roads Ventures led the Series B round with Iron Pillar, R-Squared, Nexus Venture Partners, Reaction Capital and Rebright Partners also participating. Founded in 2012, Jiffy.ai offers an artificial intelligence-powered ...
After smashing forecasts and outlook, CrowdStrike sees shares surge in late trading
Shares in CrowdStrike Holdings Inc. surged in late trading after the cybersecurity company both smashed fiscal fourth-quarter expectations and offered an encouraging outlook. For the quarter ended Jan. 31, CrowdStrike reported net income before costs such as stock compensation of $70.4 million, or 30 cents per share, compared with an adjusted profit of ...
ServiceNow instances found vulnerable to misconfiguration and leaking data
New research released today by software-as-a-service security management startup AppOmni Inc. details how ServiceNow Inc. instances are vulnerable to misconfiguration. The issue relates to data leaking through improper customer access control list, or ACL, configurations, with nearly 70% of tested instances having the problem. That ACLs are causing the problem is notable because although SaaS product ...
New Palo Alto Networks security offering combats supply chain threats
Network security specialist Palo Alto Networks Inc. today announced a new security offering to combat supply chain threats. The new Prisma Cloud Supply Chain Security provides a complete view of where potential vulnerabilities or misconfigurations exist in an organization’s software supply chain. In doing so, it allows users to trace them to the source quickly and fix them. ...
Microsoft patches critical Exchange Server vulnerability in Patch Tuesday release
Microsoft Corp. today released a fix for a critical vulnerability in Exchange Server as part of its monthly Patch Tuesday release. The Exchange Server vulnerability addressed was officially named CVE-2022-23277. Microsoft stated in an advisory that by using the critical vulnerability, an attacker could attempt to trigger malicious code in the context of the server’s account ...
Tech vendor coalition formed to provide technology and financial support to Ukraine
Domain name system threat protection firm DNSFilter Inc. has formed a new group to provide technology and financial support to Ukraine. The Ukraine Strong Tech Vendor Coalition is inviting technology vendors to provide public support to Ukraine. Those joining the coalition are asked to make a significant cash contribution to charitable organizations helping Ukraine with ...
Chinese hacking groups target US and European governments
Three separate Chinese state-sponsored advanced persistent threat groups have been observed targeting victims, including U.S. state governments, European diplomatic entities and Gmail accounts linked to the U.S. government. The first group, APT41, also known as Wicked Panda and Winnti, is believed by researchers at Mandiant Inc. to have successfully compromised at least six U.S. state government ...
APC Smart-UPS vulnerabilities expose millions of businesses to hacking
Researchers at cybersecurity firm Armis Inc. today said they have uncovered three critical vulnerabilities in APC Smart-UPS that could allow attackers to manipulate the power of millions of enterprises. APC, a division of Schneider Electric, is one of the leading vendors of uninterruptible power supply devices, with more than 20 million units sold worldwide. The devices ...
‘Dirty Pipe’ Linux vulnerability allows an attacker to overwrite data
A newly revealed vulnerability in the Linux kernel allows an attacker to overwrite data in arbitrary read-only files. Detailed today by security researcher Max Kellermann and dubbed “Dirty Pipe,” the vulnerability leads to privilege escalation, since unprivileged processes can inject code into root processes. The vulnerability, officially named CVE-2022-0847, affects Linux Kernel 5.8 and later versions, ...









