Securityweek

Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge

Microsoft is offering up to $30,000 for vulnerabilities found in the new version of its Edge browser. Microsoft this week announced the release of the first Beta preview of the upcoming version of Edge, which is based on Chromium. The company also unveiled a new bug bounty program that gives researchers the opportunity to earn significant bounties for responsibly disclosing vulnerabilities in the new Edge. According to Microsoft, the new…

August 23, 2019
0 comment
Read More >>

Claroty Releases Free Diagnostic Tool for Urgent/11 Vulnerabilities

Industrial cybersecurity firm Claroty this week released a free and open source tool designed to help organizations check whether their operational technology (OT) devices are vulnerable to Urgent/11 attacks. IoT security firm Armis recently disclosed 11 vulnerabilities affecting the VxWorks real time operating system (RTOS). The flaws, collectively tracked as Urgent/11, can allow a remote attacker to take control of impacted systems. The flaws affect VxWorks versions 6.9.4.11, Vx7 SR540…

August 23, 2019
0 comment
Read More >>

Hackers Target Vulnerabilities in Fortinet, Pulse Secure Products

Recently disclosed vulnerabilities affecting enterprise virtual private network (VPN) products from Fortinet and Pulse Secure have been exploited in the wild, a researcher reported on Thursday. Researcher Kevin Beaumont said he spotted attempts to exploit the flaws via BinaryEdge. The targeted security holes are CVE-2018-13379, a high-risk path traversal vulnerability in the FortiOS SSL VPN web portal, and CVE-2019-11510, a critical arbitrary file read vulnerability in Pulse Connect Secure. Both…

August 22, 2019
0 comment
Read More >>

Majority of Malicious Job Attacks on Microsoft SQL Server Target Asia

Vietnam emerges as the country affected the most by Microsoft SQL Server attacks that leverage malicious jobs, a new report from Kaspersky reveals. Microsoft SQL Server is being used worldwide by companies of all sizes for database management, and its popularity, along with the fact that it is not sufficiently protected, make it the target of choice for many threat actors looking to compromise business environments for all kinds of…

August 22, 2019
0 comment
Read More >>

Remote Code Execution Flaws Impact Aspose APIs

Vulnerabilities that Cisco Talos security researchers have discovered in various Aspose APIs could allow a remote attacker to execute code on affected machines. The APIs provided by Aspose are designed to help with the manipulation and conversion of a broad range of document formats. The discovered security flaws impact APIs that help with the processing of PDF, Microsoft Word, and other file types. To exploit these vulnerabilities, an attacker would…

August 22, 2019
0 comment
Read More >>

DLL Hijacking Flaw Found in Bitdefender Antivirus Free 2020

A DLL hijacking vulnerability affecting Bitdefender Antivirus Free 2020 could have been exploited for privilege escalation and other malicious purposes, SafeBreach researchers revealed on Wednesday. The vulnerability, tracked as CVE-2019-15295 with a CVSS score of 5.9 (medium severity), impacted Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, which patches the vulnerability. Bitdefender, which described the flaw as an untrusted search path issue, said the mitigation was delivered to affected users…

August 22, 2019
0 comment
Read More >>

Privileged Access Management Provider Remediant Raises $15 Million

San Francisco, CA-based privileged access management (PAM) solution provider Remediant has closed a $15 million Series A funding round co-led by Dell Technologies Capital and ForgePoint Capital. The money will be used to expand Remediant’s marketing and field operations, product engineering, channel and customer success programs, following quintupled sales revenue between 2017 and 2018. Remediant was founded in 2015 by two security practitioners, Paul Lanzi (now COO) and Tim Keeler…

August 22, 2019
0 comment
Read More >>

Attackers Demand Millions in Texas Ransomware Incident

The cybercriminals behind the recent ransomware incident that impacted over 20 local governments in Texas are apparently demanding $2.5 million in exchange for access to encrypted data. The incident took place on August 16, when 23 towns in Texas revealed they were targeted in a coordinated attack to infect their systems with ransomware. The State Operations Center (SOC) was activated soon after and all of the impacted entities were quickly…

August 22, 2019
0 comment
Read More >>

Tech Giants Join Forces on Confidential Computing

The Linux Foundation this week announced an industry-wide effort aimed at accelerating the adoption of confidential computing. The effort is aimed at creating the Confidential Computing Consortium, a new organization hosted at The Linux Foundation and which is already enjoying participation from Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent. With computing spanning from on premises to public cloud to edge, and workloads being moved…

August 22, 2019
0 comment
Read More >>

Cisco Patches Many Serious Vulnerabilities in Unified Computing Products

Cisco informed customers on Wednesday that it has released patches for 17 critical and high-severity vulnerabilities affecting some of its Unified Computing products. A majority of these vulnerabilities impact the Integrated Management Controller (IMC), which provides embedded server management capabilities for Cisco Unified Computing System (UCS) servers. Five of the security holes also impact UCS Director and UCS Director Express for Big Data, and one issue only affects UCS Director…

August 22, 2019
0 comment
Read More >>