Endpoint Security Platform Kolide Banks $17 Million Investment
Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date.
read more
Author: Ionut Arghire
Google Helps OSTIF Boost Security of Open Source Projects
Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.
read more
Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021
Kaspersky this week published its first transparency report to share information on the government and law enforcement agency requests received in 2020 and in the first half of 2021.
read more
Researchers Create Toolkit for Hardware Security Tests on Apple’s Mobile Processors
A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple’s mobile processors and used the findings to devise a cache timing attack.
read more
Neosec Emerges From Stealth With $20.7 Million in Funding
Application security startup Neosec this week emerged from stealth mode after closing a $20.7 million Series A funding round.
read more
Severe Vulnerabilities Could Expose Thousands of Azure Users to Attacks
Four of the fixes that Microsoft released as part of its September 2021 Patch Tuesday updates deal with vulnerabilities in the Open Management Infrastructure (OMI) software agent embedded in Azure services.
read more
SAP Patches Critical Vulnerabilities With September 2021 Security Updates
German software maker SAP this week announced the release of 17 new and two updated security notes on the September 2021 Security Patch Day. Seven of these deal with critical vulnerabilities in SAP products.
read more
Zoom Introduces End-to-End Encrypted Phone Calls
Zoom this week revealed that its users will be getting the option to encrypt their one-on-one phone calls courtesy of end-to-end encryption (E2EE) being expanded to Zoom Phone.
read more
Cobalt Strike Beacon Reimplementation ‘Vermilion Strike’ Targets Windows, Linux
Security researchers with Intezer have identified a reimplementation of the infamous Cobalt Strike Beacon payload, which features completely new code.
read more
Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System
Switzerland’s national postal organization Swiss Post is offering bug bounty rewards of up to €230,000 (roughly $271,000) for critical vulnerabilities identified in a future digital voting system.
read more
JumpCloud Raises $159 Million at $2.56 Billion Valuation
User and device management provider JumpCloud on Monday announced that it has raised $159 million in Series F funding at a $2.56 billion valuation. To date, the company has raised $350 million in funding.
read more
Tens of Thousands of Unpatched Fortinet VPNs Hacked via Old Security Flaw
A threat actor has leaked online access credentials for 87,000 Fortinet VPN devices that were apparently compromised using a vulnerability identified and patched two years ago.
read more
Facebook Announces Encrypted WhatsApp Backups
Facebook has announced plans to further improve WhatsApp privacy and security by allowing users to encrypt their message history backups in the cloud.
read more
Citrix Patches Hypervisor Vulnerabilities Allowing Host Compromise
Citrix has released patches for several vulnerabilities in Hypervisor that could result in privileged code executed in a guest virtual machine compromising or crashing the host.
read more
Mēris Botnet Flexes Muscles With 22 Million RPS DDoS Attack
A series of record-breaking RPS-based distributed denial of service (DDoS) attacks observed over the past month are the result of a new, powerful botnet flexing its muscles to prove its capabilities.
read more
Google Introduces Private Compute Services for Android
Google this week introduced a new suite of services designed to improve privacy in the Android operating system.
read more
Cisco Patches High-Severity Security Flaws in IOS XR
Cisco this week released patches for multiple high-severity vulnerabilities in the IOS XR software and warned that attackers could exploit these bugs to reboot devices, elevate privileges, or overwrite and read arbitrary files.
read more
HAProxy Vulnerability Leads to HTTP Request Smuggling
A critical security vulnerability in HAProxy could allow attackers to bypass security controls and access sensitive data without authorization, according to a warning from security research outfit JFrog.
read more
GitHub Patches Security Flaws in Core Node.js Dependencies
GitHub has published documentation on seven vulnerabilities in the Node.js packages and warned that exploitation could expose users to code execution attacks.
read more
US Gov Seeks Public Feedback on Draft Federal Zero Trust Strategy
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation.
read more
Canadian-US National Sentenced to Prison for Cybercrime Schemes
A Canadian and U.S. dual-national was sentenced to 11 years in prison for laundering illicit funds from cybercrime schemes such as business email compromise, ATM cash-outs, and bank cyber-heists.
read more
Microsoft Warns of Information Leak Flaw in Azure Container Instances
Microsoft has patched an Azure Container Instances (ACI) vulnerability that could have allowed users to access the information of other Azure customers.
read more
Zoho Confirms Zero-Day Authentication Bypass Attacks
Zoho has shipped an urgent patch for an authentication bypass vulnerability in its ManageEngine ADSelfService Plus alongside a warning that the bug is already exploited in attacks.
Tracked as CVE-2021-40539, the security flaw is deemed critical as it c…
Howard University Cancels Classes, Shuts Campus After Ransomware Attack
Howard University closed its physical campus and canceled classes this week after experiencing a ransomware attack.
read more
Google Android Security Update Patches 40 Vulnerabilities
Google on Tuesday published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical.
read more
CISA Issues Guidelines on Choosing a Managed Service Provider
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to take into consideration when looking to outsource services to a Managed Service Provider (MSP).
read more
Critical Flaw in Pac-Resolver NPM Package Affects 290,000 Repositories
A high severity vulnerability recently addressed in popular NPC package Pac-Resolver could be exploited to execute arbitrary code remotely.
read more
Jenkins Says Confluence Service Compromised Using Recent Exploit
Jenkins over the weekend announced that hackers managed to gain access to one of its servers after exploiting a critical vulnerability affecting Atlassian Confluence Server and Data Center.
read more
NETGEAR Patches Severe Vulnerabilities in Business Switches
NETGEAR has released patches to address severe vulnerabilities in its business-grade smart switches that could lead to complete device takeover.
read more
Ad Fraud Protection Firm Pixalate Raises $18.1 Million
Pixalate, a firm that provides fraud protection for mobile app and connected TV (CTV) advertising, has raised $18.1 million in growth capital, bringing the total amount raised by the company to $22.7 million.
read more
FBI Warns Ransomware Attack Could Disrupt Food Supply Chain
Ransomware attack on U.S. farm incurred $9 million in losses
read more
Facebook Pays Out $40,000 for Account Takeover Exploit Chain
Social media giant Facebook on Thursday announced a new payout guideline to help vulnerability hunters better understand its bounty decisions related to given bugs.
read more
BrakTooth: New Bluetooth Vulnerabilities Could Affect Millions of Devices
A group of researchers with the Singapore University of Technology and Design have disclosed a family of 16 new vulnerabilities that affect commercial Bluetooth Classic (BT) stacks.
read more
Recruiting Firm Apparently Pays Ransom After Being Targeted by Hackers
Administrative staffing agency Career Group, Inc. this week started sending notification letters to customers who were affected by a data breach that occurred in late June.
read more
FTC Bans SpyFone From Surveillance Business for Selling Stalkerware
The U.S. Federal Trade Commission (FTC) this week announced that it has banned stalkerware app maker SpyFone and its CEO, Scott Zuckerman, from the surveillance business.
read more
Cisco Patches Critical Enterprise NFVIS Vulnerability for Which PoC Exploit Is Available
Cisco on Wednesday announced the availability of patches for a critical authentication bypass vulnerability in Enterprise NFV Infrastructure Software (NFVIS) for which proof-of-concept exploit code already exists.
read more
CISA, FBI Warn of Increase in Ransomware Attacks on Holidays
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that ransomware actors are deliberately launching attacks during the holidays and weekends.
read more
Singapore Government Launches New Bug Bounty Program
The Singapore Government Technology Agency (GovTech) on Tuesday introduced a new Vulnerability Rewards Programme (VRP) on HackerOne that offers bug bounty rewards of up to $150,000.
read more
Google Awards Over $130,000 for Flaws Patched With Release of Chrome 93
Google this week announced the release of Chrome 93 with a total of 27 security patches inside, including 19 for vulnerabilities that were reported by external researchers.
read more
Proxyware Platforms Increasingly Targeted by Cybercriminals
Proxyware platforms are increasingly targeted in cybercrime operations aimed at distributing malware or at monetizing the internet bandwidth of victims, according to Cisco’s Talos research and intelligence unit.
read more
CISA Expands ‘Bad Practices’ List With Single-Factor Authentication
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added single-factor authentication to its list of bad practices.
read more
Researchers Abuse Apple’s Find My Network for Data Upload
Security researchers have discovered a way to leverage Apple’s Find My’s Offline Finding network to upload data from devices, even those that do not have a Wi-Fi or mobile network connection.
read more
Citrix Patches Vulnerability in Workspace App for Windows
Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows.
read more
Microsoft Warns of Attacks on Aerospace, Travel Sectors
Organizations in the aerospace and travel sectors have been targeted in the past months in a campaign aimed at infecting victims with remote access Trojans (RAT) and other types of malware, Microsoft warns.
read more
Asset Discovery Provider Panaseer Raises $26.5 Million
Asset and security control management provider Panaseer on Wednesday announced a new $26.5 million round of funding, bringing the total investment in the company up to $43 million.
read more
Apple Removed 95,000 Fraudulent Applications From App Store in 2020
In 2020, Apple removed or rejected hundreds of thousands of applications from the App Store for engaging in various forms of fraudulent behavior, including spam, mischief, and privacy violations.
read more
Security Researchers Dive Into DarkSide Ransomware
Following the ransomware attack that impacted the pipeline operated by Georgia-based Colonial Pipeline, security firms are providing detailed information on the cybercriminal gang behind the attack.
read more