Data Protection

Malware & Threats

Issued by: Security Week

The Intezer team identified a series of unprotected instances operated by organizations in technology, finance, and logistics sectors, which allowed anyone to deploy workflows. In some cases, the nodes have been targeted by malicious actors to deploy crypto-miners. An open-source, container-native workflow engine that runs on Kubernetes, Argo Workflows allows users to run parallel jobs…

Software Security

Issued by: Security Week

European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing. The Series B funding round included investments from Banque des Territoires and Eiffel Investment Group, as well as existing investors Normandie Participations and CNP Assurances. Founded in 2015, the YesWeHack platform…

Cloud Security

Issued by: Security Week

The world’s largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help companies manage and secure access to cloud accounts and data. Financial terms of the deal were not disclosed. CloudKnox, based in Sunnyvale, Calif., raised a total of $22.8 million in venture capital investments since its…

Application Security

Issued by: Security Week

The search advertising giant released a Chrome security refresh overnight with a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks. “Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” the company said in a cryptic line added to its advisory. The vulnerability…

Vulnerabilities

Issued by: Security Week

The Mountain View, Calif.-based Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution and privilege escalation attacks. The Acrobat and Reader update patches at least 19 documented vulnerabilities, all carrying the “critical” or “important” security ratings. ”Successful exploitation could…

Application Security

Issued by: Security Week

The open-source browser refresh is currently rolling out with support for Fetch Metadata Request Headers, which means that web applications can better protect users against cross-site request forgery (CSRF), cross-site leaks (XS-Leaks), and speculative cross-site execution side channel attacks (such as Spectre). With the newly introduced feature, web application servers can distinguish between same-origin and…

Vulnerabilities

Issued by: Security Week

The issue has been a public embarrassment for Microsoft over the last two weeks as security researchers used social media to highlight major problems with Redmond’s mitigation guidance and the effectiveness of its out-of-band update. “We’re aware of claims and are investigating, but at this time we are not aware of any bypasses,” Microsoft said…

Vulnerabilities

Issued by: Security Week

Microsoft’s confirmation of a new, unpatched Windows Print Spooler bug comes days after researchers noticed that published proof-of-concept code for a different vulnerability was reliably exploiting fully patched Windows machines. Microsoft’s own misdiagnosis of a Print Spooler flaw that was just patched in June this year also added to the confusion. In a pre-patch advisory…

Application Security

Issued by: Security Week

Sevco Security, based in Austin, Texas, has raised $15 million in Series A funding led by SYN Ventures. The company said .406 Ventures, Accomplice, Bill Wood Ventures and fama Ventures also joined as investors. In a statement, Sevco Security said its platform delivers two values to customers: continuous converged visibility of all assets across siloed…