Threat hunters at Microsoft and Symantec are sharing notes on a barrage of new cyberespionage attacks from Russia’s spy agency hitting organizations in Ukraine.
Microsoft, Symantec Share Notes on Russian Hacks Hitting Ukraine
Volexity Warns of ‘Active Exploitation’ of Zimbra Zero-Day
Malware hunters at Volexity are raising the alarm for a Chinese threat actor seen exploiting a zero-day flaw in the Zimbra email platform to infect media and government targets in Europe.
Attack Surface Management Play Censys Scores $35M Investment
The jostling for space in the attack surface management space intensified this week with Michigan startup Censys banking a new $35 million funding round to fuel growth and expansion.
Apple Patches ‘Actively Exploited’ iOS Security Flaw
Apple late Wednesday pushed out an urgent iOS update with fixes for 11 documented security flaws and warned that one of the vulnerabilities “may have been actively exploited.”
In a barebones advisory, Apple acknowledged the zero-day took aim at a memory corruption issue in IOMobileFrameBuffer, an oft-targeted iOS kernel extension.
UK’s NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap
The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.
PrinterLogic Patches Code Execution Flaws in Printer Management Suite
PrinterLogic has released security updates to address a total of nine vulnerabilities in Web Stack and Virtual Appliance, including three security defects that carry “high severity” ratings.
Microsoft Restricts Excel 4.0 Macros by Default
Microsoft has announced improved security for the users of its flagship Office productivity suite, courtesy of Excel 4.0 (XLM) macros now being restricted by default.
Cloud Security Provider Anitian Raises $55 Million
Cloud security and compliance automation startup Anitian this week closed a $55 million Series B funding round led by Sageview Capital.
The new investment brings the total raised by Anitian $71 million and provides fresh capital to fuel ambitious expansion plans.
CISA Releases Final IPv6 Security Guidance for Federal Agencies
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the final version of its IPv6 security guidance for federal agencies.
Prolific Chinese APT Caught Using ‘MoonBounce’ UEFI Firmware Implant
Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using an UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements.