2021 can be described as the year of the software supply chain attack – the year in which SolarWinds opened the world’s eyes, and the extent of the threat became apparent.
SolarWinds Patches Serv-U Vulnerability Propagating Log4j Attacks
SolarWinds this week released patches for a Serv-U vulnerability that Microsoft says has been abused for the propagation of Log4j attacks.
NSA Authorized to Issue Binding Operational Directives to Boost NSS Cybersecurity
Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 97 Update
Google on Tuesday announced the release of 26 security patches as part of its latest Chrome update, including one for a critical-severity bug.
A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues.
Microsoft Edge Adds Security Mode to Thwart Malware Attacks
A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks.
Project Zero: Zoom Platform Missed ASLR Exploit Mitigation
A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks.
Oracle’s First Security Updates for 2022 Include 497 Patches
Oracle on Tuesday announced its first set of quarterly security updates for 2022, which include a total of 497 new patches. More than half of the addressed vulnerabilities can be exploited remotely without authentication.
Ukraine Attacks Involved Exploitation of Log4j, October CMS Vulnerabilities
Mandatory Chinese Olympics App Has ‘Devastating’ Encryption Flaw: Analyst
An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box’s implementation of multi-factor authentication (MFA) allowed attackers to take over victims’ accounts without having access to the victim’s phone, according to new research from Varonis.