Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks.The four new Exchange Server vulnerabilities were fixed as part of this month’s Patch Tuesday bundle and because of the se

Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems. Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how “autonomous agents operate in a simulated ente

The United States Department of Defense (DoD) this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks.Running as a pilot, the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) covers participating DoD contractor partner’s informatio

The open-source SecureDrop Workstation has undergone a security makeover after a third-party security audit flagged multiple problems, including a high-risk bug that could allow an attacker to plant files on target machines.The SecureDrop Workstation audit, conducted by Trail of Bits and financed by the New York Times, warned that the high-risk directory tra

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental directive requiring all federal agencies to identify vulnerable Microsoft Exchange servers in their environments within five days.Providing additional direction on the implementation of CISA Emergency Directive 21-02, which on March 3 reque

Sensitive data pertaining to the customers of top mobile services providers in the European Union is at risk of compromise due to improperly secured websites, data security and privacy firm Tala reveals.An analysis of the websites of 13 of the top mobile telecom companies in the EU has revealed that none of them has in place even the minimum necessary protec

A vulnerability in the netmask npm package could expose private networks and lead to a variety of attacks, including malware delivery.The newly identified issue (which is tracked as CVE-2021-28918) resides in the fact that the package would incorrectly read octal encoding, essentially resulting in the misinterpretation of supplied IP addresses.Designed to pa

Network and asset discovery provider Rumble this week announced that it has raised $5 million in VC funding. The round was led by Jon Sakoda and Dan Nguyen-Huu at Cisco-backed Decibel Partners.The round also saw participation from Duo Security co-founder and CTO Jon Oberheide, Demisto (acquired by Palo Alto Networks) founders Slavik Markovich and Rishi Bharg

A total of five vulnerabilities that could lead to local privilege escalation were recently identified and fixed in the Linux kernel.Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel.Tracked as CVE-2021-26708 and featuring a CVSS score of 7.0, the s

In response to speculation that its services may have been leveraged as an initial entry point by the hackers who breached IT management firm SolarWinds, Microsoft said on Thursday there was no evidence to back those claims.Reports, including from several mainstream media publications, have speculated about the role of Microsoft services in the SolarWinds at

A major security hole in the Sudo utility could be abused by unprivileged users to gain root privileges on the vulnerable host, Qualys reports.Designed to allow users to run programs with the security privileges of another user (by default superuser, hence the name, which is derived from ‘superuser do’), Sudo is present in major Unix- and Linux-based operati

Data security solutions provider Netwrix has merged with Stealthbits, a cybersecurity company focused on protecting sensitive data and credentials. Founded in 2006, the Irvine, California-based Netwrix claims to provide over 10,000 organizations around the world with the necessary tools to reclaim control over sensitive, business-critical data, helping

Cloud-delivered network security startup iboss on Tuesday announced the closing of a new $145 million financing deal to speed up growth in a lucrative market.iboss, founded by twin brothers Paul and Peter Martini five years ago, previously banked $35 million in venture capital funding from Goldman Sachs.The new round of financing was led by NightDragon and F

Business communications platform Slack is scrambling to recover from an ongoing outage that is proving disruptive to cybersecurity response teams around the world.At 7:15AM PST, the San Francisco, Calif.-based Slack confirmed users were “having trouble loading channels or connecting to Slack.”   No other details were provided on the cause of the ou

France's CNIL data privacy watchdog slapped 135 million euros in fines on US tech titans Google and Amazon for placing advertising cookies on users' computers without consent.The 100-million-euro fine against Google is the largest sanction the regulator has ever imposed, which it justified by the fact 90 percent of French internet users use the firm's search