All the latest blog posts from the most relevant cyber security companies in the business.

“The number of cyber threat actors is rising, and they are becoming more sophisticated”, the Canadian Centre for Cyber Security said. The center found that those four countries are very likely attempting to build up capacities to disrupt key Canadian infrastructure — like the electricity supply — to further their goals. The report said they…

Identified by IBM’s security researchers, the Webex flaws could allow attackers to join meetings as ghosts (without being seen by other participants), remain in the meeting as a ghost after being expelled, and access information on meeting attendees (names, email addresses and IP addresses). Tracked as CVE-2020-3419, the first of the issues impacts both Webex…

macOS Big Sur 11.0 was officially launched on November 12 and on the same day Apple released its first update, version 11.0.1. The company has advised customers to update to this version — macOS Big Sur 11.0 comes preinstalled on certain Mac models — but there have been reports that the Big Sur update is…

The Cologne, Germany-based company provides solutions for cell and therapy research, including COVID-19-related products. It has facilities in 28 countries and employs more than 3,000 people. In an official statement, Miltenyi Biotec announced that, over the past couple of weeks, it experienced malware attacks that affected some of its order processing capabilities. “During the last…

As its largest acquisition to date, Palo Alto will pay $670 million in cash and stock and approximately $130 million in equity awards. Expanse’s platform provides customers with a vulnerability map of externally exposed and untracked assets and helps evaluate and mitigate risk. Following the acquisition, Expanse’s attack surface management capabilities will be integrated into…

The Firefox vulnerability, tracked as CVE-2020-26950, has been described as an issue related to write side effects in MCallGetProperty opcode not being accounted for. “In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition,” Mozilla said in an advisory published on Monday. The flaw was fixed with…

Due to the COVID-19 pandemic, the competition has been turned into a virtual event and Pwn2Own Tokyo is actually coordinated by Trend Micro’s ZDI from Toronto, Canada, with participants demonstrating their exploits remotely. Organizers have offered significant prizes for exploits targeting a wide range of mobile and IoT devices, but participants have only focused on…