
Cyber Asset Management Startup JupiterOne Raises $30 Million
2021-05-05 10:41

Cyber asset management and governance solutions provider JupiterOne on Tuesday announced that it raised $30 million in Series B funding, which brings the total raised by the company to more than $49 million. The funding round was led by Sapphire Ventures, with participation from previous investor Bain Capital Ventures.

The VC View: Cloud Security and Compliance
2021-05-05 10:02

Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups! Before talking about innovation and startups, though, let's talk about a brief history of cloud security, especially public cloud.

21 vulnerabilities found in Exim, update your instances ASAP!
2021-05-05 09:10

A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim server. They have all been fixed in Exim v4.94.2, and the software maintainers advise users to update their instances as soon as possible, as all versions of Exim previous to version 4.94.2 are now obsolete.

IBM Cloud Pak for Security simplifies how organizations deploy a zero trust architecture
2021-05-05 07:40

IBM Security introduced a new Software as a Service version of IBM Cloud Pak for Security, designed to simplify how organizations deploy a zero trust architecture across the enterprise. The new IBM Security zero trust blueprints offer a framework for building a security program designed by applying the core principles of zero trust: least privilege access; never trust, always verify; and assume breach.

What not to expect when you're expecting: Fertility apps may be selling intimate health secrets
2021-05-05 07:32

Hundreds of millions of women turn to fertility apps to conceive or prevent pregnancy, and according to a new study, those apps may leak very personal information including miscarriages, abortions, sexual history, potential infertility and pregnancy. The study considered privacy notices and tracking practices of 30 free, popular fertility apps available on the Google Play Store.

Amazon DevOps Guru: ML-powered cloud operations service to improve application availability
2021-05-05 07:12

Amazon Web Services announced the general availability of Amazon DevOps Guru, a fully managed operations service that uses machine learning to make it easier for developers to improve application availability by automatically detecting operational issues and recommending specific actions for remediation. When Amazon DevOps Guru analyzes system and application data to automatically detect anomalies, it also groups this data into operational insights that include anomalous metrics, visualizations of application behavior over time, and recommendations on actions for remediation, all easily viewable in the Amazon DevOps Guru console.

Is it OK to publish PoC exploits for vulnerabilities and patches?
2021-05-05 05:30

In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when researchers should publish proof of concepts for vulnerabilities and associated patches. While publishing PoC exploits for patched vulnerabilities is common practice, this one came with an increased risk of threat actors using them to attack the thousands of servers not yet protected.

Defeating typosquatters: Staying ahead of phishing and digital fraud
2021-05-05 05:00

These domains are like the real thing and are often visited by users who have mistyped the genuine domain URL. Unfortunately, criminals are good at finding new ways to trick unsuspecting visitors to your website. Many domain registration companies now offer value-added services that can help protect against criminals seeking to exploit established domains.

How modern workflows can benefit from pentesting
2021-05-05 04:30

Pentesting can fortify organizations' general security posture and is a critical measure organizations should put in place proactively to prevent security breaches. Recently, Colleen Pate, Customer Marketing Lead at Cobalt, sat down with Coleen Coolidge, CISO at Twilio Segment, to better understand how she views the role of pentesting in a cybersecurity program and how it can fit into modern workflows.

Android Updates for May 2021 Patch Over 40 Vulnerabilities
2021-05-05 04:00

The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity. In addition to these critical bugs, five other vulnerabilities were addressed in Android System, all rated high severity.