Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns. read more
Continue ReadingElectric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise. read more
Continue ReadingMicrosoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox. read more
Continue ReadingData security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category. Financial terms of the acquisition were not disclosed. read more
Continue ReadingMicrosoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks. read more
Continue ReadingMicrosoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks. The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mart of the Web) defenses. read more
Continue ReadingFortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the flaw in the wild. read more
Continue ReadingApple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud backups and a feature to help users verify identities in the Messages app. read more
Continue ReadingThe U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into strong objections from big-name technology vendors. read more
Continue ReadingHigh-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion. read more
Continue Reading