Zoom Is Finally Testing Full End-to-End Encryption

Zoom Is Finally Testing Full End-to-End Encryption

Zoom finally announced that it’s starting to roll out end-to-end encryption (E2EE) for all users, marking a significant change in the security deployment of one of the most famous video-conferencing apps. The ...
CISA and FBI Observed APT Groups Targeting State Networks Related to US Election Systems

CISA and FBI Observed APT Groups Targeting State Networks Related to US Election Systems

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an advisory after spotting advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities combined with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows ...

Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of ...

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to ...
Instagram photo flaw could have helped malicious hackers spy via users’ cameras and microphones

Instagram photo flaw could have helped malicious hackers spy via users’ cameras and microphones

A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security ...
Shopify Discloses Security Incident Involving Some Merchants’ Data

Shopify Discloses Security Incident Involving Some Merchants’ Data

Canadian multinational e-commerce company Shopify disclosed a security incident that involved the information of some of its merchants. On September 22, Shopify published an incident update on its website. This bulletin explained ...

Detecting Zerologon (CVE-2020-1472) with Zeek

By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a ...
New feature — Ability to compare any two code analysis scans

New feature — Ability to compare any two code analysis scans

New feature — Ability to compare results of any two code analysis scansShiftLeft Next Generation Static Code Analysis now allows you to compare any two versions of your code scans. By using the compare scans ...
Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done

Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done

CISA drafts directive to create a vulnerability disclosure policy for government websites and apps Agency seeks to centralize the effort via a standard vulnerability disclosure platform service next spring Cybersecurity veteran Katie ...
Severe TeamViewer Vulnerability Let Attackers Steal System Password

Severe TeamViewer Vulnerability Let Attackers Steal System Password

A security researcher found a severe TeamViewer vulnerability affecting Windows versions of the application 8 through 15, allowing attackers to steal system credentials. TeamViewer is a powerful tool for remote administration, but ...