HackDig : Dig high-quality web security articles

Google Helps OSTIF Boost Security of Open Source Projects

Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects. The announcement, which follows Google’s $100 million pledge to open source security projects, will help OSTIF launch its Managed Audit Program (MAP), meant to review the security of projects critical to the open sourc
Publish At:2021-09-16 19:48 | Read:156 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security Network Secur

Endpoint Security Platform Kolide Banks $17 Million Investment

Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date. The funding round was led by Boston-based venture capital OpenView Partners. Matrix Partners, who led Kolide’s Series A, also invested in the new round. Kolide sells a Security-as-a-Service (SaaS) platform that
Publish At:2021-09-16 19:47 | Read:106 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Regular Users Can Now Remove Password From Their Microsoft Account

Microsoft on Wednesday informed owners of consumer accounts that they can now go completely passwordless and rely on other, more secure authentication methods. Users with existing Microsoft accounts can delete their password from the account, and new accounts can be created without a password. Users will be able to rely on Microsoft’s Authenticator app, Windo
Publish At:2021-09-15 11:30 | Read:80 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access

Zoom Introduces End-to-End Encrypted Phone Calls

Zoom this week revealed that its users will be getting the option to encrypt their one-on-one phone calls courtesy of end-to-end encryption (E2EE) being expanded to Zoom Phone. Starting last year, the video calling platform has been offering E2EE in Zoom Meetings, and it is now ready to make it available for one-on-one phone conversations made through the Zoo
Publish At:2021-09-15 07:34 | Read:188 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Compliance Identity & Access

Patch Tuesday: Microsoft Plugs Exploited MSHTML Zero-Day Hole

Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine. The patch comes exactly one week after the Redmond, Wash. software giant acknowledged the CVE-2021-40444 security defect and confirmed the existence of in-the-wild exploitation via booby-trapped Microsoft Office doc
Publish At:2021-09-14 15:26 | Read:125 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Mobile Secu

Google Warns of Exploited Zero-Days in Chrome Browser

Google has joined the list of major software providers scrambling to respond to zero-day exploits in the wild. On the same day Apple pushed out iOS and macOS patches to address gaping security holes, Google shipped an advisory of its own to warn of a pair of already-exploited flaws in its desktop Chrome browser. “Google is aware that exploits for CVE-2021-3063
Publish At:2021-09-13 19:46 | Read:166 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Mobile Secu

Tenable to Acquire Accurics in $160M Deal

Attack surface management pioneer Tenable on Monday announced plans to spend $160 million in cash to snap up Accurics, an early-stage startup selling cloud-native security for DevOps and security teams. The deal, which is expected to close later this year, is Tenable’s priciest acquisition to date and expands its product portfolio with capabilities to detect
Publish At:2021-09-13 15:26 | Read:188 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &

Tens of Thousands of Unpatched Fortinet VPNs Hacked via Old Security Flaw

A threat actor has leaked online access credentials for 87,000 Fortinet VPN devices that were apparently compromised using a vulnerability identified and patched two years ago. Approximately 500,000 credentials for FortiGate SSL-VPN devices were leaked online last week, essentially providing anyone with access to devices at organizations in 74 countries aroun
Publish At:2021-09-13 15:26 | Read:100 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Facebook Announces Encrypted WhatsApp Backups

Facebook has announced plans to further improve WhatsApp privacy and security by allowing users to encrypt their message history backups in the cloud. While a user can easily turn on WhatsApp on any new device, given that accounts are phone number-based, conversation history isn’t available unless a backup was created on the previous device. Users can set tim
Publish At:2021-09-13 11:30 | Read:139 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Identity & Acce

GitHub Patches Security Flaws in Core Node.js Dependencies

GitHub has published documentation on seven vulnerabilities in the Node.js packages and warned that exploitation could expose users to code execution attacks. “These vulnerabilities may result in arbitrary code execution due to file overwrite and creation when tar is used to extract untrusted tar files or when the npm CLI is used to install untrusted npm pack
Publish At:2021-09-10 11:30 | Read:282 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Cisco Patches High-Severity Security Flaws in IOS XR

Cisco this week released patches for multiple high-severity vulnerabilities in the IOS XR software and warned that attackers could exploit these bugs to reboot devices, elevate privileges, or overwrite and read arbitrary files. The most severe of these issues is CVE-2021-34720 (CVSS score 8.6), a bug that could be exploited remotely without authentication to
Publish At:2021-09-10 11:30 | Read:223 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Microsoft Warns of Information Leak Flaw in Azure Container Instances

Microsoft has patched an Azure Container Instances (ACI) vulnerability that could have allowed users to access the information of other Azure customers. The company did not provide technical details on the vulnerability but security researchers with Palo Alto Networks say attackers could have exploited the bug to execute code on other users' containers,
Publish At:2021-09-09 11:31 | Read:154 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Application Security Fraud &

US Gov Seeks Public Feedback on Draft Federal Zero Trust Strategy

The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation. The OMB has drafted a federal strategy to transition the U.S. government towards a zero-trust architecture and is now seeking
Publish At:2021-09-09 11:30 | Read:171 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Zoho Confirms Zero-Day Authentication Bypass Attacks

Zoho has shipped an urgent patch for an authentication bypass vulnerability in its ManageEngine ADSelfService Plus alongside a warning that the bug is already exploited in attacks. Tracked as CVE-2021-40539, the security flaw is deemed critical as it could be exploited to take over a vulnerable system. The issue, according to a Zoho advisory, affects the REST
Publish At:2021-09-08 15:27 | Read:175 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

CISA Reminds of Risks Connected to Managed Service Providers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to take into consideration when looking to outsource services to a Managed Service Provider (MSP). Titled Risk Considerations for Managed Service Provider Customers, CISA’s new guidance is aimed at three decision-making gro
Publish At:2021-09-08 11:31 | Read:232 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security NEWS &
