News

LiteSpeed Web Server vulnerabilities discovered by researchers at Palo Alto Networks can be exploited to take complete control of a targeted server. The security holes were discovered during an audit of OpenLiteSpeed, the open source version of the LiteSpeed performance-focused web server made by LiteSpeed Technologies. Both versions are impacted by the vulnerabilities and they have been patched with the release of OpenLiteSpeed 1.7.16.1 and LiteSpeed 6.0.12. LiteSpeed is a popular web server and an…

Read More

An analysis of the numerous LDAP queries that Russian cyberespionage group APT29 had made to the Active Directory system has led to the discovery of a vulnerability in Windows’ ‘credential roaming’ functionality. Also referred to as Cozy Bear, the Dukes, and Yttrium, APT29 is a Russian cyberespionage group likely sponsored by the Russian Foreign Intelligence Service (SVR). The group is believed to be responsible for multiple high-profile attacks, including the 2016 targeting of the Democratic…

Read More

Security posture management startup Veriti has emerged from stealth mode with $18.5 million raised in two funding rounds led by Insight Partners and NFX and AMITI. Founded in 2021, the Tel Aviv-based company seeks to help organizations improve their security posture by proactively and continually hunting for and addressing security gaps and misconfigurations across the entire business environment. Veriti says it has designed its Unified Security Posture Management platform based on feedback from CISOs and…

Read More

Canadian meat giant Maple Leaf Foods has confirmed that it is experiencing an outage after falling victim to a cyberattack. Created in 1991 by the merger of Canada Packers and Maple Leaf Mills, the packaged meats company is headquartered in Mississauga, Ontario. Maple Leaf Foods has more than 14,000 employees and has market presence in Canada, the US, and Asia, offering products under several brands, including Maple Leaf, Schneiders, Mina, Greenfield Natural Meat Co., Lightlife,…

Read More

Thirty-nine cybersecurity-related merger and acquisition (M&A) deals were announced in October 2022. An analysis conducted by SecurityWeek showed that more than 230 mergers and acquisitions were announced in the first half of 2022. October 1-15 11:11 Systems acquires Sungard Availability Services’ Recovery Services business  Managed infrastructure solutions provider 11:11 Systems has acquired the Recovery Services business of Sungard Availability Services. Earlier this year, 11:11 announced the acquisition of Sungard’s Cloud and Managed Services business. 11:11…

Read More

The mysticism that has allowed tech firms to make billions of dollars from surveillance is finally clearing, the boss of encrypted messaging app Signal told AFP. Meredith Whittaker, who spent years working for Google before helping to organise a staff walkout in 2018 over working conditions, said tech was “valorised” and “fetishised” when she first began in the industry in 2006. “The idea that technology represented the apex of innovation and progress was fairly pervasive…

Read More

For many, proactively monitoring ESG risks is not only the right thing to do – it’s the right business strategy. More than ever investors, consumers and partners are using ESG factors to determine who they do business with.  In this session, Mastercard’s Johan Gerber, EVP, Cyber and Security Products, discusses: ● New industry findings on how organizations are navigating this new landscape ● The strategies and tools needed to mitigate ESG risk on a business’s supply chain and…

Read More

The International Committee of the Red Cross said Thursday it is seeking support to create a “digital red cross/red crescent emblem” that would make clear to military and other hackers that they have entered the computer systems of medical facilities or Red Cross offices. The Geneva-based humanitarian organization said it was calling on governments, Red Cross and Red Crescent societies, and IT experts to join forces in developing “concrete ways to protect medical and humanitarian…

Read More

Fortinet on Tuesday informed customers about 16 vulnerabilities discovered in the company’s products, including six flaws that have been assigned a ‘high’ severity rating. One of the high-severity issues affects FortiTester and it allows an authenticated attacker to execute commands via specially crafted arguments to existing commands. FortiSIEM is affected by a vulnerability that allows a local attacker with command-line access to perform operations on the Glassfish server directly via a hardcoded password. The remaining…

Read More

A missing authentication check vulnerability in Azure Cosmos DB could have allowed an attacker to execute arbitrary code remotely, Orca Security warns. Azure Cosmos DB is a NoSQL database used on e-commerce platforms to store catalog data, and in order processing pipelines for event sourcing. The security defect was identified in Azure Cosmos DB Jupyter notebooks, an open-source interactive developer environment (IDE) that allows developers to share documents, live code, visualizations, and more. Built into…

Read More