Security News > 2020
The most serious of the holes, CVE-2020-3947, is a vulnerability in VMware Workstation and Fusion that can be exploited by a miscreant or malware in a guest VM to gain code execution on the host box via the vmnetdhcp component. "Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine," VMware said of the bug.
Thales and Telstra, Australia's leading telecommunications company are working with Microsoft and Arduino to pave the way for scalable security for connected IoT devices, by implementing a solution that enables trusted and secure end-to-end communication between device and cloud. That's why Thales, Telstra, Microsoft and Arduino decided to team up to work on a solution that addresses the challenge of securely and efficiently connecting IoT devices to clouds in the most simplified way and through cellular networks.
By orchestrating the many vulnerability scanning tools organizations use, ZeroNorth bridges the gap between application security, development and security operations. In 2019, ZeroNorth increased annual recurring revenue by more than 300% while doubling its customer base.
Cohesity announces the appointment of Junichi Iwakami as President and Representative Director of Cohesity Japan, effective on March 16, 2020. Under his leadership, Cohesity Japan will continue delivering modern data management software that enables businesses to easily back up, store, manage, and derive insights from their data - on-premises, in the cloud, and at the edge - through the Cohesity DataPlatform.
Setting out to find out, the researcher turned to the main domain registrars - GoDaddy, Namecheap and even Google Domains - to first see if he could snag appropriate URLs. "The great thing about using a proxy is that my domain's links previews, in every single platform, fetches Google Translate's exact description while pointing to my link," the researcher explained.
US Health and Human Services targeted by DDoS scum at just the time it's needed to be up and running
In an impeccable instance of horrible timing, the US government's Department of Health and Human Services says it fended off a cyberattack by online scumbags. The attack - presumably not a load of citizens hitting Uncle Sam's web servers looking for information - did not, we're told, have had any serious impact on operations, but with American's desperate for information about the coronavirus pandemic, the attempted takedown came at the worst possible time.
The U.S. Department of Health and Human Services was targeted with a distributed denial-of-service attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident. "Incident response takes time, and as this just occurred last night, more time for investigations will be required. Based on reporting, this appears to be some sort of denial of service attack and the barrier to entry for DOS attacks are low."
"The sophisticated cyberattacks that are the hallmark of nation state attacks often target digital keys and certificates that serve as machine identities." Over the last decade, there have been dozens of devastating attacks on government systems and infrastructure by militaries, with the severity and impact increasing as the years go by.
Microsoft Edge is one of the least private web browsers - even more so than other popular browsers like Google Chrome and Mozilla Firefox - according to academic researchers. According to the analysis, from Douglas Leith with the School of Computer Science and Statistics at Trinity College in Ireland, Edge sends privacy-invasive telemetry to Microsoft's back-end servers - including "Persistent" device identifiers and URLs typed into browsing pages.
Checkmarx, a provider of tools for testing source code for security issues, announced on Monday that private equity firm Hellman & Friedman has agreed to acquire a majority of the Company from Insight Partners in a deal valuing Checkmarx at $1.15 billion. "Checkmarx enables organizations to deliver secure software faster, by making security excellence intrinsic to software development," Checkmarx explaines.