Apple on Thursday confirmed a new zero-day exploit hitting older iPhones and warned that the security vulnerability also affects the macOS Catalina platform.This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year.“Apple is aware of reports that an exploit for this issue exists in t

Evolving threats put applications at risk. Robust web application security can help prevent compromise before it happens. Not sure where to start? Our protective primer has you covered. What Is Web Application Security?  Web application security focuses on the reduction of threats through the identification, analysis and remediation of potential w

Cyber insurance is a new branch of an old industry. That industry has centuries of experience in insuring shipping and a hundred or more years of insuring motor cars -- but only a few decades of cyber knowledge. It has comparatively little knowledge of either cyber risk or the financial insurance risk – and nobody yet knows where this new journey will take i

A security vulnerability in Small Offices/Home Offices (SOHO) routers from Netgear could be exploited to execute arbitrary code remotely as root, according to security researchers at consulting firm GRIMM.Located in the updated process of the Circle Parental Control Service on multiple Netgear router models, the security bug is tracked as CVE-2021-40847 and

Cloud computing and virtualization technology giant VMWare on Tuesday shipped an urgent security patch for a flaw in its vCenter Server product and warned users to expect public exploit code within minutes of disclosure.“Time is of the essence,” VMWare said in a note calling attention to CVE-2021-22005, a file upload bug in the vCenter Server Analytics servi

Security researchers at Cisco Talos have identified a new backdoor that Russian cyberespionage group Turla is believed to have been using in attacks since last year.Likely a second-chance backdoor, the malware is simple but capable of maintaining a prolonged stealthy presence on infected machines. Turla used the backdoor in attacks on targets in the United S

Apple on Monday rolled out a major refresh of its flagship iOS mobile platform, adding a built-in two-factor authentication code generator and multiple anti-tracking security and privacy features.The iOS 15 makeover also includes patches for at least 22 documented security vulnerabilities, some serious enough to expose iPhone and iPad users to remote denial-

Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.The announcement, which follows Google’s $100 million pledge to open source security projects, will help OSTIF launch its Managed Audit Program (MAP), meant to review the security of projects critical to the open sourc

Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date.The funding round was led by Boston-based venture capital OpenView Partners. Matrix Partners, who led Kolide’s Series A, also invested in the new round.Kolide sells a Security-as-a-Service (SaaS) platform that

Application security startup Neosec this week emerged from stealth mode after closing a $20.7 million Series A funding round.Co-led by CTO Ziv Sivan and CEO Giora Engel, the company received financing from New Era Capital Partners, True Ventures, TLV, and SixThirty, as well as from investors Gary Fish, Mark Anderson, Mickey Boodaei, Rakesh Loonkar, and Shail

When I attended new employee orientation at a global technology company several decades ago, I remember very brief cybersecurity training. The gist was to contact someone in IT if we noticed any potential issues. While I was with the company, I only thought about cybersecurity when I passed the server room, and I could only peek into that locked, dark

You’ve probably heard how using artificial intelligence (AI) can improve your cybersecurity — and how threat actors are using AI to launch attacks. You know that you need to use the same tools, if not better ones. AI security is about having the right tools, but also about having the right information.  But you aren’t sure where to st

Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine.The patch comes exactly one week after the Redmond, Wash. software giant acknowledged the CVE-2021-40444 security defect and confirmed the existence of in-the-wild exploitation via booby-trapped Microsoft Office doc

Google has joined the list of major software providers scrambling to respond to zero-day exploits in the wild.On the same day Apple pushed out iOS and macOS patches to address gaping security holes, Google shipped an advisory of its own to warn of a pair of already-exploited flaws in its desktop Chrome browser.“Google is aware that exploits for CVE-2021-3063

Attack surface management pioneer Tenable on Monday announced plans to spend $160 million in cash to snap up Accurics, an early-stage startup selling cloud-native security for DevOps and security teams.The deal, which is expected to close later this year, is Tenable’s priciest acquisition to date and expands its product portfolio with capabilities to detect