Tufin released the Vulnerability-Based Change Automation App (VCA). The new app expands Tufin’s vulnerability management capabilities with automated vulnerability checks prior to approving network access changes. When combined with the Vulnerability Mitigation App (VMA), Tufin delivers a vulnerability management solution that allows customers to maintain additional control over their attack surface when making network changes….

Research conducted by Alissa Knight, partner at marketing agency Knight Ink, on behalf of mobile API threat protection firm Approov showed that the applications are to API attacks that unauthorized parties could leverage to access protected health information (PHI) and personally identifiable information (PII). With people increasingly relying on mHealth apps during the COVID-19 pandemic,…

Apple has release a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers. The three zero-days Two of the zero-day vulnerabilities (CVE-2021-1870 and CVE-2021-1871) are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running…

WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem? Are you at risk? Or should…

During a presentation at DEF CON last week, Check Point security researcher Slava Makkaveev revealed how vulnerabilities in the compute digital-signal processor (DSP) – a subsystem that enables the processing of data with low power consumption – could open the door for Android applications to perform malicious attacks. The proprietary subsystem is licensed for programming…