Through a fully immersive virtual environment, attendees will be able to interact with end users tasked with securing various cloud environments and services, and gain insights from leading solution providers and industry experts. “SecurityWeek’s Cloud Security Summit will examine a broad range of topics, including cloud asset discovery and management, identity management and multi-factor authentication,…

The open-source browser refresh is currently rolling out with support for Fetch Metadata Request Headers, which means that web applications can better protect users against cross-site request forgery (CSRF), cross-site leaks (XS-Leaks), and speculative cross-site execution side channel attacks (such as Spectre). With the newly introduced feature, web application servers can distinguish between same-origin and…

Advisories describing the vulnerabilities were published this month by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Mitsubishi Electric. SecurityWeek has also obtained additional information from people involved in the discovery and disclosure of these flaws. One advisory describes a critical vulnerability that exposes the affected control systems to unauthenticated XML external entity injection…

The issue has been a public embarrassment for Microsoft over the last two weeks as security researchers used social media to highlight major problems with Redmond’s mitigation guidance and the effectiveness of its out-of-band update. “We’re aware of claims and are investigating, but at this time we are not aware of any bypasses,” Microsoft said…

Sevco Security, based in Austin, Texas, has raised $15 million in Series A funding led by SYN Ventures. The company said .406 Ventures, Accomplice, Bill Wood Ventures and fama Ventures also joined as investors. In a statement, Sevco Security said its platform delivers two values to customers: continuous converged visibility of all assets across siloed…

Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after. CVE-2020-3580 is one of several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…