Another day, another zero-day attack hitting widely deployed software from a big tech provider. Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-2033, is described as a…
Google today published a white paper calling on vendors to provide more transparency into their vulnerability management practices. A longtime supporter of collaboration on bug disclosure and patching, the internet giant believes that the endless ‘doom loop’ of vulnerability patching is exhausting defenders and users. In addition, the tools created in response to novel attack…
The US Cybersecurity and Infrastructure Security Agency (CISA) has recently ordered federal agencies to patch three Veritas Backup Exec vulnerabilities, which have been exploited in ransomware attacks. The three vulnerabilities, tracked as CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878, were all identified in the SHA Authentication scheme of the Veritas Backup Exec agent and could allow an attacker…
Push Security, a startup that secures employees’ use of online applications and services, has recently announced its Series A funding of $15 million, which brings its total investments to $19 million. Led by GV (Google Ventures), the new round saw participation from Decibel and several angel investors. The London-based company provides enterprises with a centralized…
The network security breach at Western Digital remains a significant issue. On April 2, digital storage giant Western Digital (WD) announced a service outage impacting cloud, proxy, web, authentication, email, and push notification services, including My Cloud, My Cloud Home (Duo), My Cloud OS5, SanDisk Ibi, and SanDisk Ixpand Wireless Charger. The reason for the…
New York security startup LeapXpert has just scored a massive injection of $22 million in venture capital investment to use in building technology to help businesses manage the use of consumer messaging apps in the enterprise. The Series A financing was led by Rockefeller Asset Management through its Technology Ventures Group, with equity investments from…
Microsoft recently disclosed that a Russian-based Advanced Persistent Threat (APT) actor had been exploiting a critical zero-day vulnerability in Outlook since April 2022. The vulnerability, tracked as CVE-2023-23397, leaves few forensic artifacts to discover in traditional endpoint forensic analysis and could be used for initial access, credential access, lateral movement, and persistence in compromised mailboxes.…