The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this. Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating remotely configured content. According to Mozilla, a…

First discovered in January this year, Necro Python is also tracked as N3Cr0m0rPh, FreakOut, and Python.IRCBot, and is known for attempting to exploit multiple known vulnerabilities. In late September, the botnet added to its arsenal an exploit targeting a security vulnerability in Visual Tools DVR VX16 4.2.28.0, according to a warning from Juniper Threat Labs. Based…

A total of nine cybersecurity-related acquisitions were announced in the first 10 days of October 2021.

11:11 Systems acquires Green Cloud Defense

Managed infrastructure solutions provider 11:11 Systems acquired Green Cloud Defense, a cloud infrastructure-as-a-service provider that specializes in managed cloud security solutions. The deal will help 11:11 Systems expand its capabilities and grow its…

The company’s agentless CNAPP solution aims to secure multi-cloud IaaS and PaaS environments, as well as containers and data, through a single, unified interface. Founded in February 2021, the Santa Clara, California-based company offers support for major cloud infrastructure providers, including AWS, Azure, Google, IBM, and Oracle. Microsec.ai claims to provide visibility into containers, microservices,…

The ESET discovery is the second real-world UEFI bootkit to be publicly documented in recent weeks, following Kaspersky’s report on a new Windows UEFI bootloader fitted into the FinSpy surveillance spyware product. According to ESET researchers Anton Cherepanov and Martin Smolar, the malware has evaded detection for almost a decade and was engineered to bypass…

The pilot program financially rewards developers who help improve the security of critical open source projects and is meant to complement existing vulnerability management programs. Committed to boosting the security of the open source ecosystem, the Internet search giant recently pledged $100 million in support for projects that aim to fix vulnerabilities in open source…

This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year. “Apple is aware of reports that an exploit for this issue exists in the wild,” the company said without elaborating. No other details of IOCs (indicators of compromise) were provided. The Cupertino, Calif. software…

While a user can easily turn on WhatsApp on any new device, given that accounts are phone number-based, conversation history isn’t available unless a backup was created on the previous device. Users can set time intervals for the creation of local backups and can also choose to store those in the cloud, for fast access….