Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns. The CVE-2022-24086 bug (CVSS score of 9.8) is described as an improper input validation bug in the checkout process. It
Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise. Tesla, in tandem with Pwn2Own organizations Zero Day Initiative, is offering a $600,000 cash prize to any hacker capable of writing exploits that pivot through multiple systems
Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox. The zero-day, flagged by researchers at anti-malware company Avast, was exploited in live attacks to elevate privileges and escape a
Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category. Financial terms of the acquisition were not disclosed. Remediant, based in San Francisco and backed by Dell Technologies Capital and ForgePoint Capital, raised $15 million in Series A venture capit
Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks. The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around internet-isolated Azure
By Nick Selby
Trail of Bits recently completed a security review of cURL, which is an amazing and ubiquitous tool for transferring data. We were really thrilled to see cURL founder and lead developer Daniel Stenberg write a blog post about the engagement and the report, and wanted to highlight some important things he pointed out.
In this post, Daniel dives
Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks. The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mark of the Web) defenses. “An attacker can craft a mal
Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the flaw in the wild. A critical-level advisory from Fortinet described the bug as a memory corruption that allows a “remote unauthenticated attacker” to launch harmful code or execute commands on a target sy
Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud backups and a feature to help users verify identities in the Messages app. The security-themed upgrades, scheduled to ship in 2023, include a new feature called Advanced Data Protection for iCloud offering end-t
The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks have run into strong objections from big-name technology vendors. A lobbying outfit representing big tech is calling on the federal government’s Office of Management and Budget (OMB) to “discourage agencies” from requiring
High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion. The $200 million cash infusion comes less than two years after the San Diego, Calif.-based company emerged from stealth with ambitious plans to design an
Meta is expected to face another large fine after Europe's data watchdog on Tuesday imposed binding decisions concerning the treatment of personal data by the owner of Facebook, Instagram and WhatsApp. The European Data Protection Supervisor (EDPS) said in a statement that the rulings concerned Meta's use of data for targeted advertising, but did not gi
Balance Theory, a seed-stage startup working on technology to help security teams collaborate and manage data flows securely, has closed a $3 million funding round. The Columbia, Maryland-based Balance Theory said the early-stage investment was led by DataTribe with participation from TEDCO. Balance Theory, the brainchild of former Decision Lab founders Greg B
Pangea Cyber, an early stage startup working on technology in the API security services space, has banked $26 million in a new funding round led by Google Ventures. The $26 million Series B brings the total raised by Pangea to $51 million and underscores a push by venture capital investors to bet on companies that help developers embed security services and A
Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world. According to telemetry data from vulnerability scanning pioneer Tenable, more than 70 percent of scanned organizations remain vulnerable to t