Software Security

Software Security

Issued by: Security Week

Three of the vulnerabilities addressed by Foxit were identified by Cisco Talos researchers, all three leading to arbitrary code execution. Tracked as CVE-2021-21831, CVE-2021-21870, and CVE-2021-21893, the bugs carry CVSS severity score of 8.8. Due to the manner in which certain JavaScript code or annotation objects are handled, a maliciously crafted PDF file may lead…

Software Security

Issued by: Security Week

European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing. The Series B funding round included investments from Banque des Territoires and Eiffel Investment Group, as well as existing investors Normandie Participations and CNP Assurances. Founded in 2015, the YesWeHack platform…

Software Security

Issued by: Security Week

The U.K. competition watchdog has been investigating Google’s proposals to remove so-called third-party cookies over concerns they would undermine digital ad competition and entrench the company’s market power. To address the concerns, Google on Friday offered a set of commitments including giving the Competition and Markets Authority an oversight role as the company designs and…

Software Security

Issued by: Security Week

The London, United Kingdom-based company leverages machine learning to prevent attacks that rely on email and social engineering. It describes its solution as “human layer security.” The company builds behavioral models for all employees and uses them to automatically detect security threats. Furthermore, by notifying employees of these issues, it aims to help improve individual…

Software Security

Issued by: Dark Reading

Cisco today confirmed plans to acquire Kenna Security, provider of vulnerability management technology, with plans to integrate its capabilities into the SecureX platform. Kenna Security’s technology uses machine learning to analyze threat data and identify which risks organizations should prioritize – a useful technology to have at a time when organizations are struggling with a…

Software Security

Issued by: Security Week

Two critical vulnerabilities were patched in the SD-WAN vManage software, alongside three high-severity issues. The bugs are not dependent on one another and their exploitation doesn’t require exploitation of the others. One of the critical flaws (CVE-2021-1468, CVSS score 9.8) could allow unauthenticated, remote attackers to call privileged actions and even create new administrative accounts,…

Software Security

Issued by: Security Week

The funding round was led by Sapphire Ventures, with participation from previous investor Bain Capital Ventures. The company plans to use the new funds to scale up its engineering, product development, and go-to-market capabilities. It will also invest in growing its self-service capacity for small and midsize companies. Founded in 2018, the North Carolina-based firm…