Chainguard Trains Spotlight on SBOM Quality Problem

Software engineers tracking the quality of software bills of materials (SBOMs) have stumbled on a startling discovery: barely 1% of all SBOMs being generated today meet the “minimum elements” defined by the U.S. government.

Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability

Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.

Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List

The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical — and already exploited — security vulnerability in the widely used CentOS Control Web Panel utility.

Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Attacks

Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.

Investors Bet Big on Subscription-Based Security Skills Training

Hack The Box, a British startup working on technology to simplify cybersecurity skills training, has banked a $55 million funding round as venture capital investors place big bets on the subscription-based talent assessment space.

Adobe Plugs Security Holes in Acrobat, Reader Software

Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a range of enterprise-facing products.
The most prominent update, for the widely deployed Adobe Acrobat and Reader s…

Zoom Patches High Risk Flaws on Windows, MacOS Platforms

Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.
The vulnerabilities, in the enterprise-facing Zoom Rooms product, could be exploited in privileg…