Security News

ECS, a leader in advanced technology, science, and engineering solutions, announced an expansion of its services as a Google Cloud Platform partner. Through the ECS Cloud Center of Excellence, ECS delivers solutions from leading cloud service providers to deploy mission-critical workloads to some of the largest organizations in the world.

BioCatch, the global leader in behavioral biometrics, announced it has completed a $145 million Series C investment led by Bain Capital Tech Opportunities, the growth investing business of Bain Capital. The investment will accelerate BioCatch's rapid growth, broaden its product offerings and further support its expanding client base into new verticals.

Google just issued a Chrome update with a note that says, "This update includes 1 [critical] security fix." The bug itself is still a secret, even though the Chromium core of the Chrome browser is an open source project.

By pairing the system with human security experts, Microsoft said it was able to develop an algorithm that was not only able to correctly identify security bugs with nearly 100% accuracy, but also correctly flag critical, high priority bugs 97% of the time. According to Microsoft, its team of 47,000 developers generate some 30,000 bugs every month across its AzureDevOps and GitHub silos, causing headaches for security teams whose job it is to ensure critical security vulnerabilities don't go missed.

A critical vulnerability in VMware's vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln, details of which were quite spare when VMWare issued a patch last week, was rated by VMware itself as CVSS v3 10.0, the highest level.

Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director. The critical vulnerability patched in IP Phones impacts the web server and could allow a remote, unauthenticated attacker to execute code with root privileges.

KORE, the independent global IoT leader, announced the launch of a new comprehensive managed services solution for Critical Asset Management, utilizing the Visilion asset tracking platform from Sony Network Communications Europe. KORE's solution introduces a new level of condition management, allowing companies in the medical instrumentation, pharmaceutical, and food and beverage industries to maintain real-time condition visibility of critical and high-value goods.

Cisco is warning of a critical flaw in the web server of its IP phones. Cisco issued patches in a Wednesday advisory for the flaw, which affects various versions of its Cisco IP phones for small- to medium-sized businesses.

Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS Director and Cisco UCS Director Express for Big Data, its unified infrastructure management solutions for data center operations. Jacob Baines, a research engineer with Tenable, unearthed two critical flaws affecting the Cisco Wireless IP Phone 8821.

SAP this week released its latest set of security patches, which brings a total of 23 Security Notes, including five that address Hot News vulnerabilities. Another Hot News Security Note released as part of the April 2020 SAP Security Patch Day addresses a directory traversal vulnerability in SAP NetWeaver.