Security News

InfluxData announced the general availability of InfluxDB Notebooks, a new capability that improves communication for software development teams, ultimately enhancing productivity within InfluxDB Cloud. InfluxDB Notebooks is the first of the company's new capabilities designed to make it easier for developers to collaborate around time series data within the platform.

Styra announced new compliance packs for its Declarative Authorization Service, which include MITRE ATT&CK Matrix for enterprise covering cloud-based techniques, and CIS Kubernetes Benchmarks, to ease collaboration between security and DevOps teams. These two new turnkey compliance packs consist of best practices from the OPA community, and are the latest additions to the Styra compliance pack library, which includes PCI DSS 3.2, Admission Control Best Practices and Kubernetes Pod Security Policies.

LinkSquares announced new features to help legal teams identify key insights from specific terms and clauses across all contracts and track strategic initiatives of importance to the business. LinkSquares Finalize customers will also gain new capabilities for DocuSign and a customized, native application for Salesforce that will simplify contract creation and approvals, and dramatically decrease the time-to-value for the digital transformation of legal teams.

SAP and IBM have changed the hiring and onboarding process to open up more jobs to non-traditional candidates.

The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Pwn2Own is a bug bounty program with a twist.

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform. The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation.

Many security teams are looking to better understand zero trust security and SASE, including whether or not they are mutually exclusive or compatible. What exactly are each of these security models, and how can companies determine which one will be more appropriate for their security teams as they seek to protect the broader business from cyber threats?

Retailers around the world are increasing their fraud teams and budgets because of a significant rise in all types of online fraud during the pandemic, a research by Ravelin finds. 72% of retail brands around the world expect to grow fraud teams in the next year, while 76% predict their budget to tackle fraud will increase in the next 12 months - with 20% expecting a "Significant" increase.

Like most companies, you've already come across its shortcoming - and these are amplified since you have a small security team. According to a Cynet 2021 survey of CISOs with small security teams, the biggest pain point in operating threat protection products selected by 51% of companies, and with a significant gap of 38% from the second place, is the overlapping capabilities of disparate technologies.

Microsoft wants to send the message the company is serious about the security of its popular Teams desktop application and it's willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most potential to expose Teams user data.