application security – Page 26

Apple Fixes Exploited Zero-Day With iOS 16.1 Patch

Posted on October 24, 2022 by Ryan Naraine

Apple on Monday shipped a major iOS update with fixes at least 20 documented security defects, including a kernel flaw that’s already being actively exploited in the wild.
read more Continue reading Apple Fixes Exploited Zero-Day With iOS 16.1 Patch→

Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Posted on October 20, 2022 by Ionut Arghire

Google today introduced Graph for Understanding Artifact Composition (GUAC), an open source tool for centralizing build, security, and dependency metadata.
Developed in collaboration with Kusari, Purdue University, and Citi, the new project is meant to… Continue reading Google’s GUAC Open Source Tool Centralizes Software Security Metadata→

New PowerShell Backdoor Poses as Part of Windows Update Process

Posted on October 19, 2022 by Ionut Arghire

Cybersecurity firm SafeBreach has issued a warning about a new PowerShell backdoor that disguises itself as part of the Windows update process to remain fully undetected.
read more Continue reading New PowerShell Backdoor Poses as Part of Windows Update Process→

IDA Pro Owner Hex-Rays Acquired by European VC Firm

Posted on October 18, 2022 by Ryan Naraine

European venture capital and private equity firm Smartfin on Tuesday announced a deal to acquire Hex-Rays, the Belgian company behind the widely deployed IDA Pro software disassembler.
read more Continue reading IDA Pro Owner Hex-Rays Acquired by European VC Firm→

Zimbra Patches Under-Attack Code Execution Bug

Posted on October 17, 2022 by Ryan Naraine

Messaging and collaboration software maker Zimbra has rushed out patches to provide cover for a code execution flaw that has already been exploited to plant malware on target machines.
read more Continue reading Zimbra Patches Under-Attack Code Execution Bug→

Zoom for macOS Contains High-Risk Security Flaw

Posted on October 17, 2022 by Ryan Naraine

Video messaging technology powerhouse Zoom has rolled out a high-priority patch for macOS users alongside a warning that hackers could abuse the software flaw to connect to and control Zoom Apps.
read more Continue reading Zoom for macOS Contains High-Risk Security Flaw→

Timing Attacks Can Be Used to Check for Existence of Private NPM Packages

Posted on October 14, 2022 by Ionut Arghire

Container and cloud-native application security provider Aqua Security warns that the existence of private NPM packages can be disclosed by performing timing attacks.
read more Continue reading Timing Attacks Can Be Used to Check for Existence of Private NPM Packages→

Microsoft Warns of New Zero-Day; No Fix Yet For Exploited Exchange Server Flaws

Posted on October 11, 2022 by Ryan Naraine

Microsoft on Tuesday released software fixes to address more than 90 security defects affecting products in the Windows ecosystem and warned that one of the vulnerabilities was already being exploited as zero-day in the wild.
read more Continue reading Microsoft Warns of New Zero-Day; No Fix Yet For Exploited Exchange Server Flaws→

Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce

Posted on October 11, 2022 by Ryan Naraine

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs to take complete control of vulnerable machines.
read more Continue reading Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce→

Endor Labs Joins Race to Secure Software Supply Chain

Posted on October 10, 2022 by Ryan Naraine

It’s officially a venture capital funding frenzy in the software supply chain security space.
read more Continue reading Endor Labs Joins Race to Secure Software Supply Chain→