Cybersecurity firm SafeBreach has issued a warning about a new PowerShell backdoor that disguises itself as part of the Windows update process to remain fully undetected.
New PowerShell Backdoor Poses as Part of Windows Update Process
IDA Pro Owner Hex-Rays Acquired by European VC Firm
European venture capital and private equity firm Smartfin on Tuesday announced a deal to acquire Hex-Rays, the Belgian company behind the widely deployed IDA Pro software disassembler.
Zimbra Patches Under-Attack Code Execution Bug
Messaging and collaboration software maker Zimbra has rushed out patches to provide cover for a code execution flaw that has already been exploited to plant malware on target machines.
Zoom for macOS Contains High-Risk Security Flaw
Video messaging technology powerhouse Zoom has rolled out a high-priority patch for macOS users alongside a warning that hackers could abuse the software flaw to connect to and control Zoom Apps.
Timing Attacks Can Be Used to Check for Existence of Private NPM Packages
Container and cloud-native application security provider Aqua Security warns that the existence of private NPM packages can be disclosed by performing timing attacks.
Microsoft Warns of New Zero-Day; No Fix Yet For Exploited Exchange Server Flaws
Microsoft on Tuesday released software fixes to address more than 90 security defects affecting products in the Windows ecosystem and warned that one of the vulnerabilities was already being exploited as zero-day in the wild.
Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce
Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs to take complete control of vulnerable machines.
Endor Labs Joins Race to Secure Software Supply Chain
It’s officially a venture capital funding frenzy in the software supply chain security space.
Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up
A San Francisco jury on Wednesday found former Uber security chief Joe Sullivan guilty of covering up a 2016 data breach and concealing information on a felony from law enforcement.
KKR Boosts NetSPI Stake with $410 Million Investment
Private equity giant KKR is expanding its big bet on penetration testing and attack surface management firm NetSPI with a new $410 million investment round.
