Citrix Patches Critical Vulnerability in ADC, Gateway
The most severe of the two bugs is CVE-2021-22955, a critical security hole that could lead to a DoS condition on appliances that have been configured as a VPN (Gateway) or AAA virtual server. The security flaw was identified in Citrix Application Delivery Controller (ADC, formerly NetScaler ADC), and Gateway (formerly NetScaler Gateway). Tracked as…
Zero Trust: What NIST’s Guidelines Mean for Your Resources
In May, The White House released an executive order on improving the nation’s cybersecurity. The order came with various directives for Federal Civilian Executive Branch agencies. Among other efforts, the order focused on the federal government’s advance toward zero trust architecture (ZTA). It framed this journey as one “which shall incorporate, as appropriate, the migration…
Application Security Startup Wabbi Raises Over $2 Million in Seed Funding
The funding round was led by Mendoza Ventures, with participation from Cisco Investments and several other companies and angel investors. Wabbi plans on using the money to scale its team. The company offers a continuous security platform designed to help organizations develop secure software. Its capabilities include vulnerability management, policy management and compliance monitoring, and…
Fuji Electric Patches Vulnerabilities in Factory Monitoring Software
The security holes, identified by a researcher who uses the online moniker “kimiya,” were discovered in the Tellus Lite V-Simulator and V-Server Lite products, which are used worldwide to remotely monitor and operate factories. Versions prior to 4.0.12.0 are affected. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday published an advisory to inform…
Zerodium Buying Zero-Day Exploits Targeting VPN Software
Specifically, the company wants to acquire exploits that work against the Windows versions of the ExpressVPN, NordVPN and Surfshark applications. These VPN services have millions of users. Zerodium is looking for remote code execution, IP address leak, and other information disclosure exploits. It does not want to acquire local privilege escalation vulnerabilities. The company has…
Russia-Linked TA505 Back at Targeting Financial Institutions
The attacks target organizations across multiple sectors in Canada, the United States, Hong Kong, Europe, and more, and have seen low detection rates in Google’s VirusTotal scanning engine. Dubbed MirrorBlast, the campaign started in early September, following similar activity in April 2021, Morphisec’s security researchers reveal. The infection chain starts with a malicious document delivered…
8 Ways to “Fight the Phish” this Cybersecurity Awareness Month
We’ve all been targeted in phishing attacks — fake messages from a seemingly trusted or reputable source designed to convince you to click on a malicious link, reveal information, give unauthorized access to a system or execute a financial transaction. During this second week of Cybersecurity Awareness Month, pay extra attention to those emails, text…
InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks
The flaws were discovered nearly one year ago by researchers at industrial cybersecurity firm OTORIO in IR615 LTE routers made by industrial IoT solutions provider InHand Networks. The company has offices in China, the U.S. and Germany, and its products are used all around the world. InHand says its customers include Siemens, GE Healthcare, Coca…
Google Patches Four Severe Vulnerabilities in Chrome
Tracked as CVE-2021-37977, the most severe of these security holes could be exploited to achieve arbitrary code execution on a target system. The flaw, described as a use-after-free bug in Garbage Collection, was reported last month by an anonymous researcher. Google says it paid a $10,000 bounty reward for the finding. Now rolling out to…
Cloud Services Providers Introduce Trusted Cloud Principles
Trusted Cloud Principles signatories say they are committed to maintaining consistent human rights standards across their services, while also ensuring that cloud services providers’ interests are protected. The initiative has received support from heavy industry names, including Amazon, Atlassian, Cisco, Google, Microsoft, and IBM, among others. “Trusted Cloud Principles signatories are committed to protecting the…
