Security News > 2020 > May

The announcement brings together both companies to address the growing worldwide demand for solutions and services in the areas of digital transformation, process digitization, and automation. The partnership supports global users across all digital transformation projects, including the areas of process excellence, ERP transformation, RPA, risk and compliance, and customer excellence.

Upbound, the company behind open source projects Rook and Crossplane, announced Alibaba Cloud and Microsoft have joined the Crossplane project. "We launched Crossplane over a year ago to bring the same control plane-centric approach pioneered by cloud providers like AWS, Microsoft Azure, and Google Cloud to the enterprise and open source community," said Bassam Tabbara, Founder and CEO of Upbound.

Sixgill announced that users of Splunk, the Data-for-Everything platform, will have access to Sixgill's Darkfeed, the company's automated stream of indicators of compromise. By leveraging Darkfeed in Splunk's analytics-driven SIEM, enterprises gain contextual and actionable insights in real-time to enhance security and proactively protect against threats.

Synack announced that it raised $52 million in Series D funding to transform security testing through its crowdsourced platform powered by the world's most skilled ethical hackers who work with proprietary Synack technology to accelerate the hunt for critical software vulnerabilities. Synack augments their talents with continuous security monitoring technology that utilizes machine learning and AI to quickly and more efficiently root out vulnerabilities.

On the heels of exiting stealth with $30 million in Series A funding from marquee investors and introducing a revolutionary, passwordless identity management solution, Beyond Identity announced the formation of an all-star technical advisory board comprising the "Father of SSL," the co-inventor of public-key cryptography, and CISOs from two of America's most successful companies, Koch Industries and Aflac. Beyond Identity replaces passwords with trusted certificates, originally defined in PKC and ubiquitously deployed within TLS. This proven, secure, and scalable approach enables Beyond Identity to eliminate passwords, reduce risk for organizations, remove friction for end users, and offer consumers a much more secure alternative to password managers.

WhiteHat Security announced the appointment of Tanya Gay to Vice President of Operations and Business Strategy, and the promotion of Judy Sunblade, to Vice President of Revenue Growth and Enablement. WhiteHat Security's growth over the past year led to the company being recognized as a Leader in the 2020 Gartner Magic Quadrant for Application Security Testing for the fifth time.

The Hoaxcalls operators are among those botherders that differentiate themselves from amateur actors with the use of exploits - most of those with fewer technical skills tend to brute-force SSH and Telnet credentials in order to compromise devices and add them to their botnets. Two new Hoaxcalls samples spotted by Radware showed up on the scene in April, incorporating new commands from its command-and-control server and a new exploit for an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed in March.

"It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the 'ssh-rsa' public key signature algorithm by default in a near-future release," said OpenSSH maintainer Damien Miller in the release notes for OpenSSH 8.3, echoing similar comments from the 8.2 release notes back in February. The OpenSSH team suggest users and administrators use alternative, more secure hashing algorithms including SHA-2 or the even older ssh-ed25519 or ECDSA as proposed in 2009.

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. Hackers were able to successfully exploit the flaws incorporated in the latter product, resulting in the compromise of six VIRL-PE backend servers, according to Cisco.