The jostling for space in the attack surface management space intensified this week with Michigan startup Censys banking a new $35 million funding round to fuel growth and expansion.
Attack Surface Management Play Censys Scores $35M Investment
VMware Warns of Log4j Attacks Targeting Horizon Servers
VMware is urging customers to patch their VMware Horizon instances as these systems have been targeted in a recent wave of attacks exploiting the Log4Shell vulnerability.
QNAP Warns NAS Users of DeadBolt Ransomware Attacks
Network-attached storage (NAS) solutions manufacturer QNAP on Wednesday warned users of a DeadBolt ransomware campaign targeting their devices, encouraging them to correctly secure any Internet-facing NAS and routers.
Apple Patches ‘Actively Exploited’ iOS Security Flaw
Apple late Wednesday pushed out an urgent iOS update with fixes for 11 documented security flaws and warned that one of the vulnerabilities “may have been actively exploited.”
In a barebones advisory, Apple acknowledged the zero-day took aim at a memory corruption issue in IOMobileFrameBuffer, an oft-targeted iOS kernel extension.
New Open Source Tool Helps Identify EtherNet/IP Stacks for ICS Research, Analysis
Industrial cybersecurity firm Claroty on Wednesday announced a new open source tool designed for identifying EtherNet/IP stacks.
According to the company, the new “EtherNet/IP & CIP Stack Detector” tool can be useful to security researchers, operational technology (OT) engineers, and asset owners.
Apple Pays Out $100,000 for Webcam, User Account Hacking Exploit
A security researcher claims to have received a significant bug bounty from Apple for reporting a series of Safari and macOS vulnerabilities that could have been exploited to hijack a user’s online accounts and webcam.
Polkit Vulnerability Provides Root Privileges on Linux Systems
Qualys security researchers warn of an easily exploitable privilege escalation vulnerability in polkit’s pkexec, a SUID-root program found in all Linux distributions.
SonicWall Customers Warned of Possible Attacks Exploiting Recent Vulnerability
Hackers have started targeting a recently patched vulnerability affecting SonicWall’s Secure Mobile Access (SMA) 100 series appliances, and while the attacks observed to date do not appear to have been successful, that could soon change.
UK’s NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap
The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.
PrinterLogic Patches Code Execution Flaws in Printer Management Suite
PrinterLogic has released security updates to address a total of nine vulnerabilities in Web Stack and Virtual Appliance, including three security defects that carry “high severity” ratings.
