On Friday, security researcher RyotaK published information on three vulnerabilities in PyPI, one of which could potentially lead to the compromise of the entire PyPI ecosystem. Python Package Index (PyPI) is the official third-party software repository for the Python programming language, with some package managers using it as the default source for packages and dependencies….

The funding, which brings the total raised by the firm to $21 million, came from OurCrowd, HIVE2040 (by Avnon Group), Atlantica Group, and AWZ Ventures. The money will be used by the company to expand and improve its solutions. NanoLock Security has also announced expanding its executive team and the acquisition of two new patents….

Malvuln, an interesting project of security researcher John Page (aka hyp3rlinx), catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited. Since launching the project in early January 2021, Page has discovered more than 260 vulnerabilities across an estimated 105 individual malware families, including trojans, worms, backdoors, droppers, and ransomware….

Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others released PoC exploits soon afterwards. CVE-2020-3580 is one of several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…

The European Union last year unveiled tough draft rules targeting tech giants like Apple, Google, Amazon and Facebook that could shake up the way Big Tech does business. Cook, speaking at the VivaTech convention for startups in Paris, took aim at some of the rules that target online “gatekeepers” such as Apple which controls which…

Tracked as CVE-2021-22893, the vulnerability was made public in late April, after security researchers discovered that threat actors had already been exploiting it in attacks targeting organizations in the defense, financial, government, high tech, and transportation sectors in the U.S. and Europe. At the time, FireEye revealed that at least two Chinese threat actors believed…

The funding came from ClearSky Security, DNX Ventures, and South Dakota Equity Partners, and Query.AI says it will be used to accelerate adoption of its product. Query.AI has developed what it describes as a security investigations control plane designed to help security teams investigate and respond to incidents by giving them real-time access and centralized insights…

The attacks start with spear-phishing messages that employ lures relevant to the targeted organizations, such as aviation, travel, and cargo, and deliver an image that pretends to be a PDF file and contains an embedded link. The attackers abuse legitimate web services and leverage a newly identified loader dubbed Snip3 for the delivery…