All the latest blog posts from the most relevant cyber security companies in the business.

The security hole, tracked as CVE-2022-27924 and described as a Memcache injection issue, allows an unauthenticated attacker to steal cleartext credentials from a targeted Zimbra instance without any user interaction. An attacker can leverage the compromised credentials to access the victim’s emails, from where they could escalate their access within the targeted organization and obtain…

Axio believes the threat is not the risk – the risk is the business impact of the threat. For most firms, the greater part of cybersecurity effort and budget is targeted at mitigating threats rather than managing risk. While mitigating threats is important, it alone is not true risk management; and is repeatedly demonstrated to…

SecurityWeek has also conducted an analysis of the deals announced in the first half of the year. We have cataloged 234 cybersecurity M&A deals, with a surge observed in the first half of June. 11:11 Systems acquires Static1 Managed infrastructure solutions provider 11:11 Systems has acquired managed network and IT infrastructure development and services firm…

Go, or Golang, is an open source programming language designed for building reliable and efficient software at scale. Supported by Google, Go is leveraged by some of the world’s largest companies and it’s often used to develop cloud-native apps, including for Kubernetes. Oxeye researchers have conducted an analysis of Go-based cloud-native applications and discovered an…

Cybrary, which sells access to a platform focused on cybersecurity workforce education and training, said the $25 million Series B round was led by its current investors BuildGroup and Gula Tech Adventures. This latest investment brings Cybrary’s total funding to date to $48 million, following its $15 million Series B round announced in November 2019….

Microsoft’s security team earlier this week said it found that a malware called Subzero — developed by Vienna-based company DSIRF — was deployed in 2021 and 2022. “Observed victims to date include law firms, banks and strategic consultancies in countries such as Austria, the United Kingdom and Panama,” it wrote in a blog entry on…

Initially announced in February, the macro-blocking feature is meant to prevent phishing attacks by making it more difficult for users to enable macros in documents received from the internet. Small snippets of code embedded in Office documents, macros have long been abused by threat actors in phishing attacks and for malware delivery. In 2016, Microsoft…

According to fresh data from Redmond’s threat intelligence team, a ransomware-as-a-service gang it tracks as DEV-0206 has been caught rigging online ads to trick targets into installing a loader for additional malware previously attributed to EvilCorp. Even more ominously, Microsoft said its research teams discovered EvilCorp malware distribution tactics and observed behavior all over the…