Several vulnerabilities, including some that have been rated “critical,” were found in the past months in Moxa’s MXview industrial network management software.
Moxa MXview Vulnerabilities Expose Industrial Networks to Attacks
Google Discovers Attack Exploiting Chrome Zero-Day Vulnerability
Google on Monday announced the release of 11 security patches for Chrome, including one for a vulnerability exploited in the wild.
Legit Security Raises $30M to Tackle Supply Chain Security
A team of Israeli entrepreneurs with roots in the application security ecosystem is taking a stab at software supply chain security with big backing from Bessemer Venture Partners.
Over 28,000 Vulnerabilities Disclosed in 2021: Report
Risk Based Security on Monday released its vulnerability report for 2021 and revealed that a record-breaking 28,695 flaws were disclosed last year, which represents a significant increase from the 23,269 disclosed in 2020.
CISA Says ‘HiveNightmare’ Windows Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 16 new CVE identifiers to its list of known exploited vulnerabilities, including a Windows flaw that federal agencies are required to patch within two weeks.
Feds Oppose Immediate Release of Voting Machine Report
A federal cybersecurity agency is reviewing a report that alleges security vulnerabilities in voting machines used by Georgia and other states and says the document shouldn’t be made public until the agency has had time to assess and mitigate potential risks.
Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021
Google this week said it handed out a record $8.7 million in bug bounty payouts in 2021 as part of its Vulnerability Reward Programs (VRPs). A total of 696 researchers from 62 countries received bug bounties.
Vulnerabilities Found by Google Researchers in 2021 Got Patched on Average in 52 Days
Google’s Project Zero has observed a decrease in the overall time vendors need to address vulnerabilities reported by the bug hunting team.
Between 2019 and 2021, the team reported a total of 376 vulnerabilities and saw most of them (351) get patched. Of the remaining flaws, 14 are marked “WontFix” by the vendor and 11 remain unfixed.
Alphabet’s CapitalG Makes Big Bet on Salt Security
Salt Security is the latest addition to a growing list of cybersecurity startups boasting billion-dollar valuations.
The Palo Alto, Calif.-based Salt Security on Thursday announced a new $140 million funding round that brings its valuation to $1.4 billion and signals heightened investor interest in the API security space.
Apple Says WebKit Zero-Day Hitting iOS, macOS Devices
Apple’s struggles with zero-day attacks on its iOS and macOS platforms are showing no signs of slowing down.
For the second time in as many months, Cupertino released iOS, iPadOS and macOS updates to address a critical WebKit security defect (CVE-2022-22620) that exposes Apple devices to remote code execution attacks.
