News

Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017

Intel has paid out more than $4.1 million through its bug bounty program since its creation in 2017, according to a product security report published by the chip giant on Wednesday. Between 2018 and 2021, Intel paid out, on average, $800,000 through its bug bounty program each year for vulnerabilities discovered in the company’s products. In 2022, it awarded $935,000. Intel says a total of 243 vulnerabilities were reported in 2022, roughly the same as…


VMware Plugs Critical Carbon Black App Control Flaw

Virtualization technology giant VMware on Tuesday pushed out a major security fix to cover a critical vulnerability in its enterprise-facing Carbon Black App Control product. A critical-severity advisory from VMware tracks the vulnerability as CVE-2023-20858 and warns that hackers can launch injection exploits to gain full access to the underlying server operating system. “A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access…


Twitter Shuts Off Text-Based 2FA for Non-Subscribers

Elon Musk’s Twitter started a security ruckus over the weekend with the sudden decision to turn off the text message/SMS method of two-factor authentication (2FA) for anyone not subscribed to its paid Twitter Blue service. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA…


Spain Orders Extradition of British Alleged Hacker to U.S.

Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks, including the July 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. A court statement Friday said requirements had been met for handing over Joseph James O’Connor to U.S. authorities for 14 charges covering crimes such as revelation of secrets, membership of a criminal gang,…


Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks

Malwarebytes warns of a remote code execution vulnerability impacting several Arris routers, for which proof-of-concept (PoC) exploit code has been released. Tracked as CVE-2022-45701, the bug exists because the router firmware does not properly neutralize special characters in requests, which allowed security researcher Yerodin Richards to perform shell script command injection. The impacted models have reached end-of-life (EOL) and are no longer supported by CommScope (the company that acquired Arris), meaning that they are unlikely…


‘Frebniis’ Malware Hijacks Microsoft IIS Function to Deploy Backdoor

A recently identified malware family is abusing Microsoft Internet Information Services (IIS) to deploy a backdoor and monitor all HTTP traffic to the infected system, Symantec reports. Dubbed Frebniis, the malware injects code into a DLL that an IIS feature called Failed Request Event Buffering (FREB) uses when troubleshooting failed requests. FREB collects data about the tracked requests, including HTTP headers with cookies, originating IP address and port, and more. As part of the observed…


Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report

Published XIoT vulnerabilities are trending down and have been since 2021. At the same time, the percentage of vulnerabilities published by the device manufacturer rather than third-party researchers is trending up. The clear implication is device manufacturers are taking greater responsibility for the security of their own devices. The reason is probably twofold: government pressure and commercial reality. The introduction of SBOMs has focused manufacturers’ attention on the software make-up of their devices, while the…


PE Firm Francisco Partners to Take Sumo Logic Private in $1.7B Deal

Cloud monitoring, log management and SIEM solutions provider Sumo Logic is set to become a private company after it has entered into a definitive agreement to be acquired by affiliates of private equity firm Francisco Partners for $1.7 billion. Francisco Partners is prepared to pay $12.05 per share in cash. The law firm Kahn Swick & Foti has announced that it’s investigating the deal to determine if the price is adequate. Sumo Logic offers cloud-native…


Zscaler to Acquire Israeli Startup Canonic Security

Cloud security vendor Zscaler on Tuesday announced plans to acquire Israeli early-stage startup Canonic Security to expand its services into the red-hot software supply chain security business. Financial terms of the transaction were not disclosed. Canonic Security, based in Tel Aviv, Israel, emerged from stealth exactly a year ago with $6 million in seed-stage venture capital funding for technology in the third-party app governance space. The publicly traded Zscaler, based in San Jose, CalifCanonic’s platform…


The Lessons From Cyberwar, Cyber-in-War and Ukraine

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question the nature of modern warfare and the role of cyber in its operation. Here we will look at the use of cyber in the years leading to the kinetic war, and the use of cyber technology on the modern kinetic battlefield. We need to understand the meaning of cyber and the…
