DogWalk and several vulnerabilities in Exchange
With this August patch Tuesday Microsoft fixed more than a hundred vulnerabilities. Some of the vulnerabilities require special attention from corporate cybersecurity personal. Among them there are 17 critical ones, two of which are zero-days. At least one vulnerability has already been actively exploited in the wild, so it would be wise not to delay…
Traceable AI announces enhanced data security capabilities to address more specific types of API attacks
At Black Hat USA 2022, Traceable AI announced enhanced capabilities to address more specific types of API attacks, including API abuse and misuse, fraud and malicious API bots, all of which contribute to serious data security and compliance challenges within organizations today. These additional capabilities enable organizations to detect, stop and eliminate these types of…
Forecasting Metaverse Threats: Will it Become Metaworse?
The term “metaverse” was first used by Neal Stephenson in his 1992 cyberpunk novel Snow Crash. It describes a virtual world that can be explored using avatars, offering players a completely immersive experience. Today, we see similar worlds in massively multiplayer online role-playing games (MMORPGs) such as Roblox, Minecraft, Fortnite, Second Life, and others, but…
Microsoft Publishes Office Symbols to Improve Bug Hunting
Symbols are pieces of information used during debugging, and are contained within Symbol files, which are created by the compiler during application build. Some of these symbols are called ‘public symbols’. They contain basic information, such as function names and global variables, and are used in all forms of debugging. Symbol files that contain only…
Pipeline Operators Are Headed in the Right Direction, With or Without TSA’s Updated Security Directives
Following the Colonial Pipeline hack — one of the highest-profile attacks against US critical infrastructure to date — in 2021, the Department of Homeland Security’s Transportation Security Administration (TSA) released two unprecedented Security Directives, requiring owners and operators of gas and liquid pipelines to implement strict new protections against cyberattacks. On July 21, the TSA…
Zimbra Credential Theft Vulnerability Exploited in Attacks
The security hole, tracked as CVE-2022-27924 and described as a Memcache injection issue, allows an unauthenticated attacker to steal cleartext credentials from a targeted Zimbra instance without any user interaction. An attacker can leverage the compromised credentials to access the victim’s emails, from where they could escalate their access within the targeted organization and obtain…
Ransomware protection with Malwarebytes EDR: Your FAQs, answered!
We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help—let’s get started. Q: When considering an EDR solution, what anti-ransomware features should…
Cyber Readiness Measurement Firm Axio Raises $23 Million
Axio believes the threat is not the risk – the risk is the business impact of the threat. For most firms, the greater part of cybersecurity effort and budget is targeted at mitigating threats rather than managing risk. While mitigating threats is important, it alone is not true risk management; and is repeatedly demonstrated to…
Cybersecurity M&A Roundup: 39 Deals Announced in July 2022
SecurityWeek has also conducted an analysis of the deals announced in the first half of the year. We have cataloged 234 cybersecurity M&A deals, with a surge observed in the first half of June. 11:11 Systems acquires Static1 Managed infrastructure solutions provider 11:11 Systems has acquired managed network and IT infrastructure development and services firm…
Power Electronics Manufacturer Semikron Targeted in Ransomware Attack
Semikron, which employs 3,000 people across 24 subsidiaries worldwide, makes power modules and systems. Its products are used in motor drives, industrial automation systems, as well as other application areas. In a notice posted on its website on Monday, Semikron said it had been targeted by ‘a professional hacker group’. The company said the incident…
