Category: Uncategorized
-
Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 Eduard Kovacs
Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019. The post Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 appeared first on SecurityWeek. Read More
-
Microsoft’s Security Chickens Have Come Home to Roost Ryan Naraine
News analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China’s audacious Microsoft’s Exchange Online hack and isn’t at all surprised by the findings. The post Microsoft’s Security Chickens Have Come Home to Roost appeared first on SecurityWeek. Read More
-

Ivanti Rushes Patches for 4 New Flaw in Connect Secure and Policy Secure [email protected] (The Hacker News)
Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows – CVE-2024-21894 (CVSS score: 8.2) – A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy…
-
XZ Utils Supply Chain Attack (CVE-2024-3094)
What is the vulnerability/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced…
-

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies [email protected] (The Hacker News)
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows – CVE-2024-29745 – An information disclosure flaw in the bootloader component CVE-2024-29748 – A privilege escalation flaw in the firmware component “There are indications that the [Read More
-

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers [email protected] (The Hacker News)
The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland Security (DHS) on Tuesday, found that the…
-
Number of Chinese Devices in US Networks Growing Despite Bans Eduard Kovacs
An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans. The post Number of Chinese Devices in US Networks Growing Despite Bans appeared first on SecurityWeek. Read More
-
Know Your Audience When Speaking to Security Practitioners Joshua Goldfarb
How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? The post Know Your Audience When Speaking to Security Practitioners appeared first on SecurityWeek. Read More
-
CVE and NVD – A Weak and Fractured Source of Vulnerability Truth Kevin Townsend
MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done? The post CVE and NVD – A Weak and Fractured Source of Vulnerability Truth appeared first on SecurityWeek. Read More
-
How to conduct a data privacy audit, step by step
Post ContentRead More
