Security News > 2022 > May > Week in review: F5 BIG-IP RCE exploitation, URL spoofing flaws in Zoom, Google Docs

Week in review: F5 BIG-IP RCE exploitation, URL spoofing flaws in Zoom, Google Docs
2022-05-15 08:30

Researchers uncover URL spoofing flaws on Zoom, Box, Google DocsResearchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like it's hosted by an organization's SaaS account.

A 10-point plan to improve the security of open source softwareThe Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a 10-point plan to broadly address open source and software supply chain security, by securing open source security production, improving vulnerability discovery and remediation, and shortening the patching response time of the ecosystem.

The SaaS-to-SaaS supply chain is a wild, wild messThe SaaS-to-SaaS supply chain continues to grow uninhibited, without alerting security teams on new risks and connections created by non-human identities that cannot be resolved using traditional security controls designed for human-to-app interactions.

Threats to hardware security are growingIn this video for Help Net Security, Jason Oberg, CTO at Tortuga Logic, talks about the growing hardware security threats.

Shrinking healthcare cybersecurity gaps between hospitals and manufacturersIn this video for Help Net Security, Christopher Gates, Director of Product Security at Velentium, talks about the gaps in healthcare cybersecurity, as well as the new FDA premarket cybersecurity guidance for medical device manufacturers and Health Sector Coordinating Council's model contract language template.

Download guide: Evaluating third-party security platformsA comprehensive third-party security program can align your vendor's security with your internal security controls and risk appetite.


News URL

https://www.helpnetsecurity.com/2022/05/15/week-in-review-f5-big-ip-rce-exploitation-url-spoofing-flaws-in-zoom-google-docs/