Microsoft emergency update fixes authentication issues in Windows AD
After installing Windows Upgrades given on the May 2022 Patch Tuesday on domain controllers, Microsoft has released emergency out-of-band (OOB) updates to solve Active Directory (AD) authentication problems.
Since May 12, the corporation has been working on a patch for a known vulnerability that... Read more
CISA issues warning about VMware and F5 vulnerabilities
The threats could impact a large number of companies, the agency says.
The U.S. Cybersecurity and Infrastructure Security Agency has issued alerts about five software vulnerabilities that likely affect a large number of organizations.
Four of the vulnerabilities were found in VMware Inc. prod... Read more
Hackers win $800,000 for attacks on Teams, Ubuntu and more
The first day of Pwn2Own Vancouver was a success. Participants won a combined $800,000 for hacking widely used software, including Microsoft Teams, Oracle Virtualbox and Ubuntu Desktop.
Once or twice a year, Zero Day Initiative organizes a hacking contest to promote and reward security research.... Read more
Thales acquires two cybersecurity companies
Thales announced that it had reached an agreement with Sonae Investment Management to buy two European cybersecurity firms, S21sec and Excellium, for 120 million euros ($125.32 million).
In a statement, Europe's largest armaments electronics company, which also develops civil aviation components... Read more
Critical authentication bypass flaw in multiple VMware products
VMware urges customers to immediately patch a critical authentication bypass flaw affecting multiple products.
Two vulnerabilities allows attackers with backdoor access to gain admin privileges on multiple VMware products -- and that's not a good thing.
Bruno Lopez of Innotec Security w... Read more
Barracuda unveils new web application and API security capabilities
Barracuda's WAAP platform offers increased protection on multiple fronts.
This week, Barracuda announced the expansion of Barracuda Cloud Application Protection, its platform for Web Application and API Protection (WAAP). The new release adds automated API Discovery and GraphQL security capabili... Read more
‘Millions of attacks on WordPress plugin Tatsu’
Researchers from security specialist Worldfence discovered millions of attacks on outdated versions of WordPress plugin Tatsu. Attackers are dropping malware with ease.
The newly found attacks target a remote code execution vulnerability in the WordPress plugin Tatsu. Tatsu is a no-code page bu... Read more
New Bluetooth relay attack leaves devices vulnerable
Security researchers from NCC Group discovered a relay attack method for accessing Bluetooth devices. Some car models are affected.
The newly discovered relay attack allows hackers to access Bluetooth devices such as cars with wireless locks. These locks are typically opened with mobile devices... Read more
How do you interpret the results of MITRE ATT&CK evaluations?
Not all detections are created equal. Keep that in mind when choosing cybersecurity tools.
The cybersecurity market is very fragmented. Organizations looking to improve their security posture have a tremendously wide range of solutions to choose from. This ensures that there are many offerings f... Read more
Research: new tools and security measures often counterproductive
Research by Zivver reveals that although companies have accelerated their innovation efforts in the past two years, many challenges remain. Employees that participated in the study complain about security measures that are counterproductive and slow down work. Many applications have been added in t... Read more