itsecuritywire.com
Critical Git Security Flaws Found in Source Code Security Audit
Multiple vulnerabilities have been found in Git, a popular distributed version control system, as a result of a source code security audit. This week, the findings of the security audit, which was sponsored by OSTIF and carried out by X41 and GitLab, were made available. Git might be a prime target for threat actors because a flaw in the system could be used to compromise source code repositories or developer systems.
18k Nissan Customers Impacted by Data Breach at a Third-Party Software Developer
Nissan North America informs roughly 18,000 customers that their personal information was revealed in a data breach at a third-party services provider. The impacted third-party service provider provides software development services to Nissan. Nissan provided certain information to this service provider for processing during software testing. The company was informed of the incident in June 2022. In September, its investigation into the data breach determined that some personal information belonging to Nissan customers was accessed and exfiltrated from the repository.
Kintent® Modifies Security Reviews With World’s First Product To Integrate AI-Powered Security Questionnaire Responses With A Trust Portal
Kintent®, the programmatic, predictive Trust Assurance platform, today announced the release of the new TrustShare™ application. TrustShare allows software companies to pass security reviews quickly with AI-powered security questionnaire responses and a dynamic trust portal to share security and privacy compliance status with prospects and partners. TrustShare is the newest addition to the Trust Cloud platform, the smartest way for companies to complete audits, pass security reviews and assess risk.
Six Methods to Strengthen Supply Chain Cybersecurity in 2023
A supply chain cyberattack response plan must be evaluated regularly with penetration testing. This will uncover advanced supply chain cybersecurity risks that are overlooked by security systems. The COVID outbreak has accelerated digital transformation and increased supply chain complexity. As the security risks increase, supply chain executives...
Keeper Connection Manager Announces New, Next-Gen Features For Zero-Trust Network Access
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced the latest update to its Keeper Connection Manager (KCM), which provides DevOps and IT teams with instant access to RDP, SSH, database and Kubernetes endpoints through a web browser, with no VPN required. New in version 2.11.0, KCM is now able to interact directly with Microsoft SQL Server and PostgreSQL databases.
UK Postal Service Disrupted: Royal Mail CEO Confirms Cyberattack
Royal Mail confirms that a cyberattack has led to disruption in the UK’s postal services. According to the report, Royal Mail confirmed it a week after its first notice of detecting an unspecified cyber incident, which left the British mail service unable to dispatch parcels to overseas destinations. A few reports claim that Royal Mail was a target of ransomware that compromised the system used to print customs labels for parcels sent to overseas destinations.
Oracle’s First Security Update for 2023 Has 327 New Patches
Oracle announced its first Critical Patch Update for 2023, which comprises 327 new security patches. More than 70 fixes address critical-severity vulnerabilities. Oracle’s January 2023 CPU includes 50 security patches that resolve flaws in Fusion Middleware. Thirty-nine of the bugs can be exploited by a remote, unauthenticated attacker, and 14 are ranked ‘critical’. While no new patches were released for applications such as Big Data Graph, Global Lifecycle Management, Graph Server and Client, and Spatial Studio, updates were made available for them to address third-party issues. Oracle released third-party patches for other products as well.
Ensuring Better API Security Across Mobile Applications
A significant part of the efficient user experience that users take for granted is powered by APIs, which operate in the background. Because of this, it is essential to ensure improved API security across mobile apps; otherwise, none of the benefits would be realized. Some of the biggest cyber-attacks...
Control Web Panel Exploited Flaw Added to CISA “Must-Patch” List
CISA, the United States government’s cybersecurity agency, has given federal agencies until early February to patch a critical and already exploited security flaw in the widely used CentOS Control Web Panel utility. The organization added the CVE-2022-44877 vulnerability to its KEV (Known Exploited Vulnerabilities) catalog and gave federal agencies...
