Organizations Feel Threat of Nation-State Attacks, Survey Shows

An increasing number of companies believe they are being targeted by state-sponsored hacking groups, a new survey shows. According to Radware’s latest Global Application & Network Security Report, of 561 respondents representing a broad range of organizations worldwide, 27% said their company was hit by nation-state hackers in 2019, a 42% increase compared to 2018, when only 19% of respondents claimed they experienced such attacks. With the challenges of attack…

January 15, 2020

Trusona Raises $20 Million in Series C Funding Round

Passwordless multi-factor authentication technology provider Trusona this week announced it has raised $20 million as part of a Series C funding round led by Georgian Partners. Scottsdale, Arizona-based Trusona was founded in 2015 by Ori Eisen, who also acts as CEO. The company’s platform is used by organizations in the financial services, healthcare, higher education, media, and other industries. The company plans on using the new funds to expand operations…

January 15, 2020

Vulnerabilities Found in VMware Tools, Workspace ONE SDK

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability. According to the virtualization giant, the repair operation in VMware Tools 10.x.y is affected by a race condition that allows an attacker who has access to the guest virtual machine to escalate their privileges. The company says VMware Tools 11.0.0 is not affected as…

January 15, 2020

Oracle’s January 2020 CPU Delivers 334 New Patches

Oracle has released its first Critical Patch Update (CPU) for 2020, which includes a total of 334 new security patches across multiple product families. More than half (192) of the security fixes address vulnerabilities that can be exploited remotely without authentication, Oracle reveals in its advisory. Moreover, the company notes that 40 of the new patches address critical issues. This month, Enterprise Manager was the most affected, with 50 patches…

January 15, 2020

SAP Releases 6 Security Notes on January 2020 Patch Day

SAP today released 6 Security Notes and 1 Updated Note as part of its January 2020 Security Patch Day, with all addressing Medium severity vulnerabilities. The most important of these is a Cross-Site Scripting (XSS) flaw in Rest Adapter of SAP Process Integration. The vulnerability is tracked as CVE-2020-6305 and features a CVSS score of 6.1. Next in line is CVE-2020-6304, a Denial of service (DoS) flaw in SAP NetWeaver…

January 15, 2020

Encryption Battle Reignited as US Govt at Loggerheads With Apple

Apple and the US government are at loggerheads for the second time in four years over unlocking iPhones connected to a mass shooting, reviving debate over law enforcement access to encrypted devices. Attorney General Bill Barr claimed Monday that Apple failed to provide “substantive assistance” in unlocking two iPhones in the investigation into the December shooting deaths of three US sailors at a Florida naval station, which he called an…

January 15, 2020

NSA Discloses Serious Windows Vulnerability to Microsoft

The U.S. National Security Agency (NSA) has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct man-in-the-middle (MitM) attacks. The NSA reached out to reporters to inform them about the vulnerability before Microsoft released its patches. The agency led many to believe that the flaw was highly critical, but…

January 14, 2020

Google Says it Will Phase Out Web-Tracking ‘Cookies’

Google on Tuesday said it is making progress in its quest to vanquish third-party “cookies” on its popular browser used to track people’s online activities, a focus of many privacy activists. The online giant said its “Sandbox” program would still allow advertisers the ability to deliver targeted messages, while also sparing people from being tracked by snippets of code called “cookies” when they use its Chrome web browser. “We are confident…

January 14, 2020

Google Researchers Detail Critical iMessage Vulnerability

Google Project Zero security researchers have published technical details on an iMessage vulnerability addressed last year, which could be exploited remotely to achieve arbitrary code execution. Tracked as CVE-2019-8641, the vulnerability is considered Critical, featuring a CVSS score of 9.8, and was discovered by Google Project Zero security researchers Samuel Groß and Natalie Silvanovich. In September 2019, Apple announced that the release of iOS 12.4.2 for iPhone 5s, iPhone 6,…

January 14, 2020

The Changing Face of Cloud Threat Intelligence

As public cloud providers continue to elevate their platforms’ default enterprise protection and compliance capabilities to close gaps in their portfolio or suites of in-house integrated security products, CISOs are increasingly looking to the use and integration of threat intelligence as the next differentiator within cloud security platforms. Whether thinking in terms of proactive or retroactive security, the incorporation (and production) of timely and trusted threat intelligence has been a…

January 14, 2020