Data Protection

Network Security

Issued by: Security Week

Just like the private sector, the federal government is well aware of the importance of cybersecurity, which is why it allocates billions of dollars every year for solutions and services designed to protect data, systems and infrastructure. However, while government contracts can be highly lucrative, contractors need to ensure that they comply with federal requirements…

Mobile Security

Issued by: Security Week

The legal salvo came as problems are mounting for TikTok in the United States, with multiple accusations that the extremely popular app is a national security threat and a conduit for spying by China. “The TikTok app is a malicious and menacing threat unleashed on unsuspecting Indiana consumers by a Chinese company that knows full…

Malware & Threats

Issued by: Security Week

For the second consecutive month, the world’s largest software maker rushed out patches to cover vulnerabilities that were already exploited as zero-days in the wild, including a pair of belated fixes for Microsoft Exchange Server security defects targeted by a state-sponsored threat actor for several months. As part of its scheduled Patch Tuesday update process,…

Vulnerabilities

Issued by: Security Week

The world’s largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. According to a new report released Friday by Microsoft, China’s government hacking groups have become “particularly proficient at discovering and developing zero-day exploits” after strict mandates…

Application Security, Software Security

Issued by: Security Week

Bearer, a San Francisco-based company founded in 2018, has received a $4 million investment from Kima Ventures, Partech and Point Nine, bringing the total raised by the company to $8 million. The startup’s data security SaaS solution helps organizations identify technical and business logic flaws in code during the development cycle, and ensure data security…

Mobile Security

Issued by: Security Week

The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” Apple said…

Software Security

Issued by: Security Week

Founded in 2012, the New York-based company offers Data Embassy, a software platform that aims to protect data in use by applying pseudonymization and other techniques to transform the data into ‘Variant Twins’, representing non-identifiable but fully accurate assets. Courtesy of multi-level data privacy and security controls, the company says, Variant Twins can be used…

Vulnerabilities

Issued by: Security Week

The vulnerability, which carries a CVSS severity score of 7.3/10, is documented as a debugging port misconfiguration that is opened by the Zoom client on macOS machines. Details from Zoom’s advisory: Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When…

Application Security, Software Security

Issued by: Security Week

The investment round was led by Accomplice, with participation from Joule Ventures, OurCrowd, Trust Ventures, Ulysses, and several angel investors. Founded in December 2021, the New York-based company provides a biometric security and privacy application for protecting digital accounts across banking, email, investing, and healthcare services. IronVest says its solution takes a decentralized approach to…