Palo Alto Networks Buys Bridgecrew in ‘Shift Left’ Cloud Security Push
The two sides said the deal is valued at $156 million in cash and is expected to close in the third quarter this year. For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space. The Bridgecrew deal follows a…
Accellion to Retire File Transfer Service Targeted in Attacks
The 20-year-old service is planned for retirement on April 30, 2021, past which Accellion won’t renew licenses for the software. FTA runs on CentOS 6, an operating system that reached end-of-life on November 30, 2020, a matter that Accellion brought to the attention of FTA customers six months ago. Despite efforts to completely move away…
Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises
vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery. VMware has told customers that several versions of the product are affected by a high-severity (important) command injection vulnerability that can be exploited by a hacker with admin privileges to execute shell commands on the underlying…
Mobile Health Apps Found to Expose Records of Millions of Users
Research conducted by Alissa Knight, partner at marketing agency Knight Ink, on behalf of mobile API threat protection firm Approov showed that the applications are to API attacks that unauthorized parties could leverage to access protected health information (PHI) and personally identifiable information (PII). With people increasingly relying on mHealth apps during the COVID-19 pandemic,…
SecurityWeek to Host Supply Chain Security Summit on March 10, 2021
In the wake of the SolarWinds mega-hack that continues to unravel, software supply chain security and fragility is again on the front-burner for enterprise security decision makers. The complexity and opaqueness of the software supply chain has led to nation-state compromises and major worries that we’re only seeing the tip of the iceberg. Free to…
Critical Vulnerability Patched in SAP Commerce Product
Tracked as CVE-2021-21477 and featuring a CVSS score of 9.9, the critical issue could be abused for remote code execution, SAP explains in its advisory. The vulnerability impacts SAP Commerce if the rule engine extension is installed. Meant to define and execute rules to manage decision-making scenarios, the rule engine uses a ruleContent attribute offering…
Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs
In its advisory for the vulnerability — the bug currently does not have a CVE identifier — Mozilla described it as a “buffer overflow in depth pitch calculations for compressed textures.” The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro’s Zero Day Initiative (ZDI), apparently only impacts Firefox running on Windows —…
Google Launches Database for Open Source Vulnerabilities
OSV should make it easier for the users of open source software to find out which vulnerabilities impact them. It can also help maintainers of open source software accurately identify all versions and commits impacted by a flaw across all their branches. Google OSVFor consumers, Google says OSV provides a database that can be easily…
Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks
The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security. The RTL8195A chip supports WEP, WPA and WPA2 authentication modes, and Vdoo discovered that the WPA2 handshake mechanism is prone to stack overflow and out-of-bounds read…
What you need to know about changes to Microsoft’s Security Update Guide
Microsoft recently changed how it presents and explains its security vulnerabilities in its products. The new security guide aligns itself with security and industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS), which presents a vulnerability’s key characteristics and assigns a numerical score to its severity. The intent of that score…
