Advisories describing the vulnerabilities were published this month by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Mitsubishi Electric. SecurityWeek has also obtained additional information from people involved in the discovery and disclosure of these flaws. One advisory describes a critical vulnerability that exposes the affected control systems to unauthenticated XML external entity injection…

A total of 14 cybersecurity-related acquisitions were announced between July 1 and July 8, 2021. Barracuda Networks acquires SKOUT Cybersecurity: Application, cloud, email, data and network security solutions provider Barracuda Networks is acquiring SKOUT Cybersecurity, a company that provides cyber-as-a-service software for MSPs, as well as XDR solutions. The deal enables Barracuda to expand its…

Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after. CVE-2020-3580 is one of several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…

“It is the position of the U.S. government that we strongly discourage the payment of ransoms,” Eric Goldstein, a top cybersecurity official in the Department of Homeland Security, told a congressional hearing last week. But paying carries no penalties and refusing would be almost suicidal for many companies, especially the small and medium-sized. Too many…

Founded in 2017 by a former employee of the UK’s GCHQ intelligence agency, the company has offices in Bristol and Boston, helping both private and government organizations improve the cybersecurity skills of their employees. The new funding round, Immersive Labs says, will help it accelerate the delivery of a new Cyber Workforce Optimization platform. Leveraging…

The new service, named Advanced Monitoring and Incident Response (AMIR), is part of Honeywell’s Forge managed security services offering. It’s designed to help security teams detect and respond to attacks targeting industrial control systems (ICS) and operational technology (OT) networks. Honeywell says AMIR is designed to continuously monitor OT environments for suspicious events. It collects…

Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch (FCEB) agencies identify and address vulnerabilities in critical systems. The platform was launched in support of Binding Operational Directive (BOD) 20-01, through which the Department of Homeland Security (DHS) instructed all…