vulnerability

Apple fixes bug that let malicious apps skirt macOS’ security protections

Microsoft says a vulnerability it discovered in a core macOS security feature, Gatekeeper, could have allowed attackers to compromise vulnerable Macs with malware. The flaw, tracked as CVE-2022-42821,

Aiphone door entry systems can be ‘easily’ bypassed thanks to NFC bug

The vulnerability in the door entry security system, used in government buildings and apartment complexes, cannot be fixed.

A bug in Abode’s home security system could let hackers remotely switch off cameras

A security vulnerability in Abode’s all-in-one home security system could allow malicious actors to remotely switch off customers’ security cameras. Abode’s Iota All-In-One Security Kit

WhatsApp fixes ‘critical’ security bug that put Android phone data at risk

WhatsApp has published details of a “critical”-rated security vulnerability affecting its Android app that could allow attackers to remotely plant malware on a victim’s smartphone during

Microsoft patches a new zero-day affecting all versions of Windows

Microsoft has released security fixes for a zero-day vulnerability affecting all supported versions of Windows that has been exploited in real-world attacks. The zero-day bug, tracked as CVE-2022-3796

Apple releases iOS and macOS fixes to patch a new zero-day under attack

Apple has released another round of security updates to address vulnerabilities in iOS and macOS, including a new zero-day flaw that is being actively exploited by attackers. The zero-day flaw, track

Twitter fixes security bug that exposed at least 5.4 million accounts

Twitter says it has fixed a security vulnerability that allowed threat actors to compile information of 5.4 million Twitter accounts, which were listed for sale on a known cybercrime forum. The vulner

Security flaws in a popular GPS tracker are exposing a million vehicle locations

Security vulnerabilities in a popular Chinese-built GPS vehicle tracker can be easily exploited to track and remotely cut the engines of at least a million vehicles around the world, according to new

Attack surface management platform RapidFort raises $8.5M seed round

RapidFort, a startup that helps developers reduce the potential attack surface of their applications by automatically removing unused software components from their containers, today announced that it

Microsoft finally fixes Windows zero-day flaw exploited by state-backed hackers

Microsoft has finally released a fix for “Follina,” a zero-day vulnerability in Windows that’s being actively exploited by state-backed hackers. A fix for the high-severity vulnerability — tra

New Relic enters the security market with its new vulnerability management service

New Relic, which has long been known for its observability platform, is entering the security market today with the launch of a new vulnerability management service. Aptly named New Relic Vulnerabilit

Tech giants pledge $30M to boost open source software security

Tech giants including Amazon, Google and Microsoft have pledged millions of dollars to bolster the security of open source software. The pledge was made during a meeting in Washington, DC last week, w

Study: 30% of Log4Shell instances remain unpatched

Considering recent APT41 attacks, organizations that continue to leave the Log4Shell flaw unaddressed are hitting the snooze button when it comes to the wake-up calls from attackers.

NeuraLegion becomes Bright Security and raises $20M Series A

NeuraLegion, a startup that focuses on dynamic application security testing and identifying business logic issues, today announced that it has changed its name to Bright Security. In addition, the com

Vicarius raises $24M to build out its vulnerability remediation platform

Vicarius, a New York-based startup that has developed an autonomous vulnerability remediation platform, has raised $24 million in Series A funding to protect organizations from the next major supply-c

Apple releases iOS 15.3 with fix for ‘actively exploited’ iPhone flaw

Apple on Wednesday patched dozens of security issues with the release of iOS 15.3 of macOS Monterey 12.2. IOS 15.3 fixes a total of 10 security bugs, including a flaw that the company says may have be

A CISO’s playbook for responding to zero-day exploits

We keep calling every new zero-day exploit a “wake up call,” but all we have been doing is collectively hitting the snooze button.

FTC warns of legal action against organizations that fail to patch Log4j flaw

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely used Log4j Java logging library, could face legal repercussions, the Federal Trade Commis

Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels

A security researcher says an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at

Apple iCloud, Twitter and Minecraft vulnerable to ‘ubiquitous’ zero-day flaw

A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day vulnerability affecting a popular Java logging library. The vuln
Load More