Startup Sonrai Security emerges from stealth with $18.5 million in funding and the launch of Cloud Data Control (CDC), a service promising "unparalleled data and identity control across all cloud accounts and within any data store."

Named after the Galic word for "data" (pronounced "son-ree"), Sonrai is founded by Q1 Labs co-founders Brendan Hanningan and Sandy Bird. Following the 2011 acquisition of Q1 Labs by IBM, the two helped establish IBM Security with QRadar, the Big Blue flagship security intelligence and analytics platform.

Sophos sets to bolster its cloud security capabilities with the acquisition of Avid Secure, a next-generation cloud infrastructure company. Financial details of the deal are not available.

Founded in 2017, Avid Secure offers an cloud security analytics, compliance and DevSecOps platform to provide end-to-end protection in public cloud environments such as AWS, Azure and Google. It uses artificial intelligence and automation to address challenges involved with cloud security, including lack of workload visibility, and the constant monitoring required to stay ahead of sophisticated attacks.

The Windows 10 October update brings more capabilities to Windows Hello, the Microsoft login system-- now offering not only facial recognition, fingerprint or PIN, but also support for USB or NFC FIDO2 devices.

As a Microsoft blogpost insists, "passwords can be difficult to remember, are often reused and can be used to hack your account anywhere, anytime, from any device." Windows Hello already sidesteps the need for a password through facial recognition or fingerprint readers, while the Windows Security provides clear alerts in case one needs improve account protection.

Wireless access points from multiple vendors pose the risk of two severe vulnerabilities dubbed Bleedingbit, IoT security firm Armis warns-- both providing attackers means to sneak into enterprise networks undetected.

The Bleedingbit flaws are found in Texas Instruments Bluetooth Low Energy (BLE) chips used Cisco, Meraki and Aruba wifi APs. Neither vulnerability can be detected or stopped by traditional network and endpoint security solutions, and if exploited they allow attackers to break into a network, take over access points, spread malware and move laterally across network segments.

The first Bleedingbit vulnerability triggers memory corruption in the TI BLE chips (cc2640, cc2650) embedded in Cisco and Meraki wifi APs, leading to compromise of the main system of the AP. The second issue impacts Aruba series 300 wifi APs with TI BLE chip (cc2540), and provides a backdoor for attackers to install new firmware, leading to a foothold in a secure network.