Security Bulletin

Tenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat actor to escalate privileges.

Speaking at an industry event, FedRAMP Director Pete Waterman announced the launch of “FedRAMP 2025,” calling on cloud providers to develop security innovations while the government sets standards.

The report notes a 388% increase in cloud security alerts and a 235% rise in high-severity incidents.

A continuation of the North Korean nation-state threat's campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor.

Vasu Jakkal, Microsoft’s corporate vice president of security, emphasized that AI-driven cyber defense is essential as Microsoft Threat Intelligence processes 84 trillion signals daily, enabling proactive threat detection.

The updates include automated secrets rotation in Pulumi ESC, a secure GitHub Actions integration, granular role-based access control (RBAC), and expanded policy-as-code capabilities in Pulumi Insights.

The update also streamlines deployment of its Security Services Platform (SSP) for collecting cybersecurity telemetry.

U.S. cybersecurity technology firm ReliaQuest has secured more than $500 million from a new funding round that has lifted its valuation to $3.4 billion, according to SiliconAngle.

Ongoing intrusions leveraging the critical static credential backdoor flaw impacting the Cisco Smart Licensing Utility, tracked as CVE-2024-20439, have prompted the bug's inclusion in the Cybersecurity and Infrastructure Security Agency's Known...

Secure Network Analytics version 7.5.2 has been released, offering exciting new features such as the Network Visibility Module (NVM) and Zeek detections.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The threat of ongoing cyber attacks will remain an issue of utmost urgency for security officials