Tag : Audits


A new Android banking trojan has been found, targeting international banks from the United Kingdom and Italy (including in the U.S.) and five different cryptocurrency services. Twenty-two instances have been discovered, but more are expected. The malware, first detected at the end of October 2021, appears to be new and still being developed. It was ..


Fears of software supply chain attacks escalated again this week with a new warning from Microsoft that it has caught Iranian threat actors breaking into IT services shops in India and Israel and using that access to hit the real targets. Two of Redmond’s premier threat hunting units — the Microsoft Threat Intelligence Center (MSTIC) ..


Video messaging technology giant Zoom has shipped patches for high-severity vulnerabilities that expose enterprise users to remote code execution and command injection attacks. The company released multiple security bulletins to warn of the risks and called special attention to a pair of “high-risk” bugs affecting its on-prem meeting connector software and the popular Keybase Client. ..


United States Vice President Kamala Harris on Wednesday formally announced support for the Paris Call for Trust and Security in Cyberspace, an international collaborative initiative aimed at advancing cybersecurity. Issued in 2018, the Paris Call details nine principles to improve stability in cyberspace through global collaboration, and has already been signed by 79 countries. The ..


A major security vulnerability in the WP Reset PRO WordPress plugin could be exploited by an authenticated user to wipe the entire database of a website, according to a warning from researchers at Patchstack (formerly WebARX). The issue can be exploited by any authenticated user, regardless of their authorization, to wipe all tables in a ..


Enterprise networking giant Cisco has released patches for multiple vulnerabilities across its product portfolio, including critical security defects in Catalyst Passive Optical Network (PON) series switches and the Policy Suite product. The most severe of these issues are CVE-2021-34795 and CVE-2021-40113 (CVSS 10.0), two flaws in Catalyst PON switches that could be exploited to log ..


Minnesota-based IT management and software powerhouse HelpSystems expanded its year-long cybersecurity shopping spree with a new deal to acquire data loss prevention specialists Digital Guardian. Financial terms of the acquisition were not released. Digital Guardian is a late-stage Massachusetts-based startup that raised $173 million over multiple venture capital funding rounds. The company has gained ..


The Microsoft Patch Tuesday freight train for October rolled in with fixes for at least 71 security defects in Windows products and components and an urgent warning about a newly discovered zero-day cyberespionage campaign. The Redmond, Wash. software maker confirmed in-the-wild exploitation of one of the patched bugs — CVE-2021-40449 — in an exploit chain ..


At SecurityWeek’s 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. The conversation covers edge cases that are turning out to be more troublesome than anticipated, what might come next after SBOM, and where there are opportunities for innovation (e.g., new ..


Mondoo, a startup that provides security tools for DevOps teams, has raised $15 million in funding ($12 million in a new Series A round, and $3 million from a previously undisclosed seed round). The Series A funding round was led by Atomico with participation from a range of high-profile private investors. Mondoo says it will ..
