Google addressed two critical vulnerabilities in the Android System component as part of the newly released September 2020 set of security patches.More than 50 flaws are described in the Android Security Bulletin for September 2020: twenty-two as part of the 2020-09-01 security patch level and twenty-nine with the 2020-09-05 security patch level.Of the 22 is

Managed Security Services provider Secureworks (NASDAQ:SCWX), announced on Wednesday that it has agreed to acquire acquire Delve Laboratories, a company that provides a vulnerability management and asset discovery platform.Terms of the acquisition were not disclosed. According to SecurityWeek's research, Delve has raised roughly $1.5 million in Seed funding.

SAP this week announced the release of 10 new Security Notes as part of its September 2020 Security Patch Day, as well as updates for 6 previous Security Notes.Two of the Security Notes are rated Hot News and address critical flaws in SAP Marketing - Mobile Channel Servlet (CVE-2020-6320 – improper access control) and NetWeaver (ABAP Server) and ABAP Platfor

A researcher has disclosed the details of a cross-site scripting (XSS) vulnerability in Google Maps that earned him $10,000.Israel-based security researcher Zohar Shachar discovered the vulnerability in April 2019 and it was patched a few weeks later, but he only now disclosed his findings.The flaw affected the Google Maps feature that allows users to create

Microsoft’s Patch Tuesday updates for September 2020 fix 129 vulnerabilities, but the company says none of them has been exploited in attacks or made public before patches were released.The tech giant has assigned a critical severity rating to 23 of the vulnerabilities affecting Windows, web browsers, Dynamics 365, SharePoint, Exchange and Visual Studio. Eac

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up-to-date with which weaknesses have are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that the Common Weakness Enumeration Top 25 (CWE). The CWE Top 25 is a community-developed list of the most dang

Adobe on Tuesday informed customers that it has patched a total of 18 vulnerabilities across its Experience Manager (AEM), FrameMaker and InDesign products.In its InDesign design and publishing product, Adobe fixed five critical memory corruption bugs that can allow an attacker to execute arbitrary code in the context of the targeted user.In the FrameMaker d

Vulnerabilities affecting CodeMeter, a popular licensing and DRM solution made by Germany-based Wibu-Systems, can expose industrial systems to remote attacks, industrial cybersecurity company Claroty warned on Tuesday.CodeMeter is designed to protect software against piracy and reverse engineering, it offers licensing management capabilities, and it includes

Cisco last week released patches to address a critical remote code execution vulnerability in Jabber for Windows.Tracked as CVE-2020-3495 and featuring a CVSS score of 9.9, the flaw can be exploited remotely without authentication through sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) message to a vulnerable application.The iss

Facebook is giving third-party application developers three weeks to respond to vulnerability reports and three months to patch bugs before public disclosure. The social media giant took the wraps off a Vulnerability Disclosure Policy this week, aimed at bugs its researchers may discover in third-party code and systems, open source applications included

Google this week increased the reward amounts paid to researchers for reporting abuse risk as part of its bug bounty program. Google added product abuse risks to its Vulnerability Reward Program (VRP) two years ago and says that more than 750 such issues have been identified since. The amount for high severity issues was increased by 166% from $5,0

Recent attacks targeting QNAP Network Attached Storage (NAS) devices were attempting to exploit a vulnerability that was addressed in July 2017, 360 Netlab security researchers say. The attacker, 360 Netlab says, shows caution in exploiting the security flaw. However, the researchers were able to identify two attacker IPs, namely 219.85.109[.]

Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw (CVE-2020-3566) in the Distance Vector Multicast Routing Protocol (DVMRP) feature o

A hacking group believed to be linked to the Iranian government was observed targeting a critical vulnerability that F5 Networks addressed in its BIG-IP application delivery controller (ADC) in early July.Tracked as CVE-2020-5902 and featuring a CVSS score of 10, the vulnerability allows remote attackers to take complete control of a targeted system. F5's BI

A security researcher was awarded a $1,750 bug bounty reward for discovering a remote code execution vulnerability in the Slack desktop applications. An attacker could exploit the vulnerability to execute arbitrary code within Slack’s desktop apps for macOS, Linux, and Windows. The issue was discovered by security engineer Oskars Vegeris of Evoluti