Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
12/11/2021
The Industry Responds to Mass Zero Day Exploit in Log4J
A new zero-day vulnerability has been discovered in a widely used Java logging library called “Apache Log4j” that is easy to exploit and enables attackers to gain full control of affected servers.
12/10/2021
Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool
A remote code execution vulnerability in Log4j presents a bigger threat to organizations than even the infamous 2017 Apache Struts vulnerability that felled Equifax, they say.
12/10/2021
What to Do While Waiting for the Log4j Updates
This Tech Tip outlines how enterprise defenders can mitigate the risks of the Log4j vulnerabilities for the short-term while waiting for updates.
12/10/2021
The Log4j vulnerability is bad. Here’s the good news
A critical vulnerability discovered in Log4j, a widely deployed open source Apache logging library, is almost certain to be exploited by hackers — probably very soon.
12/10/2021
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)
A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, fortunately, primarily to deliver coin miners.
11/22/2021
Series E Funding – Alan Naumann, Contrast Security
Contrast Security announced that it has closed $150M in Series E round funding at a greater than billion-dollar valuation.
11/14/2021
Contrast Security Secures $150 Million
LOS ALTOS — Contrast Security, a provider of next-gen code security tools, has closed $150 million in a Series E round of funding at a $1 billion-dollar-plus valuation.
11/11/2021
Contrast Security raises $150M to advance application security
Contrast Security announced that it has closed $150M in a Series E round of funding at a greater than billion-dollar valuation.
11/10/2021
SD Times news digest: NuGet 6.0; .NET MAUI Preview 10; Contrast Security $150 million in Series E funding
Microsoft announced that NuGet 6.0 is being included in Visual Studio 2022 and .NET 6.0 out of the box.
11/09/2021
Contrast Security, SafeBreach Latest Cybersecurity Funding Recipients
Just over $14 billion has been invested in cybersecurity year to date.