Trend Micro’s Zero Day Initiative (ZDI) on Wednesday announced the targets, prizes and rules for Pwn2Own Vancouver 2022, scheduled to take place May 18-20 alongside the CanSecWest conference.
ZDI Announces Rules and Prizes for Pwn2Own 2022
Apple Patches iOS HomeKit Flaw After Researcher Warning
Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery.
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws
Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.
Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating.
Security Validation Firm Pentera Raises $150 Million at $1 Billion Valuation
Automated security validation firm has now raised nearly $190 million in funding
Boston, USA and Tel Aviv, Israel-based automated security validation (ASV) firm Pentera has raised $150 million in a Series C funding round led by K1 Investment Management, with participation from Evolution Equity Partners and Insight Partners.
Microsoft Introduces New Security Update Notifications
Microsoft this week announced updated notifications for the Security Update Guide, the page where the tech company informs users of vulnerabilities that affect Microsoft products.
ICS Patch Tuesday: Siemens, Schneider Electric Address 40 Vulnerabilities
The first round of security advisories released by Siemens and Schneider Electric in 2022 address a total of 40 vulnerabilities.
Siemens
CISA Adds 15 Recent and Older Vulnerabilities to ‘Must-Patch’ List
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added 15 more vulnerabilities to its list of security bugs known to be exploited in malicious attacks.
U.S. Issues Fresh Warning Over Russian Cyber Threats as Ukraine Tensions Mount
Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.
SAP Patches Log4Shell Vulnerability in More Applications
German software maker SAP this week announced its first set of security updates for 2022, including patches for more applications affected by the Log4Shell vulnerability.
Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
