SecurityWeek

VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.

The critical vulnerability, identified as CVE-2020-3992, has been described as a use-after-free issue that affects the OpenSLP service in ESXi.

read more

The Kremlin on Tuesday denied US claims that Russian military intelligence was behind cyber attacks targeting Ukraine's power grid, the 2017 French election and the 2018 Winter Olympic Games.

read more

The Internet of Things Security Foundation (IoTSF), an effort aimed at improving the security of IoT, has launched an online platform designed to make the reporting of vulnerabilities in IoT devices easier.

read more

A Chrome 86 update released by Google on Tuesday patches several high-severity vulnerabilities, including a zero-day that has been exploited in the wild.

read more

A problem that halted trading on the Paris stock market and others across Europe was a "middleware" issue and not a cyber attack, operator Euronext said Tuesday.

read more

The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors.

read more

Chinese state-sponsored hackers are targeting a Cisco Discovery Protocol vulnerability that was disclosed earlier this year, the networking giant and the U.S. National Security Agency revealed on Tuesday.

read more

Sweden is banning Chinese tech companies Huawei and ZTE from building new high-speed wireless networks after a top security official called China one of the country’s biggest threats.

read more

Adobe on Tuesday announced that it has released security updates for 10 of its products, patching a total of 20 vulnerabilities.

read more

Control servers included in the configuration file of new TrickBot samples fail to respond to bot requests, according to researchers at threat intelligence company Intel 471.

read more

Austin, Texas-based security product testing company NSS Labs has announced that it ceased operations on October 15, 2020.

“Due to Covid-related impacts, NSS Labs ceased operations on October 15th,” a message on the company’s website reads.

read more

Identity-focused intelligence company 4iQ on Tuesday announced that it has raised $30 million in a Series C funding round led by ForgePoint Capital and Benhamou Global Ventures.

read more

Simplifying Processes Helps to Enable Acceleration and Resilience and Optimizes Your Resources

read more

A security researcher says he has earned $20,000 for a high-severity GitHub Enterprise vulnerability that might have allowed an attacker to execute arbitrary commands.

GitHub Enterprise, the on-premises version of GitHub.com, is designed to make it easier for large enterprise software development teams to collaborate.

read more

The United Kingdom on Monday exposed and condemned cyberattacks that the Russian military intelligence service GRU allegedly launched against organizations involved in the 2020 Olympic and Paralympic Games that were set to take place in Tokyo this summer, but were postponed due to the COVID-19 pandemic.

read more

Irish privacy regulators have opened two investigations into Instagram over the social media site’s handling of young people’s personal data.

read more

Adobe last week patched a total of nine vulnerabilities in its Magento e-commerce platform, including two critical issues.

read more

The threat actor behind the Ryuk ransomware continues to conduct attacks following the recent attempts to disrupt the TrickBot botnet, CrowdStrike reports.

read more

Singapore will become the world's first country to use facial verification in its national ID scheme, but privacy advocates are alarmed by what they say is an intrusive system vulnerable to abuse.

read more

Kaspersky security researchers have identified versions of the GravityRAT spyware that are targeting Android and macOS devices.

read more