Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address.
A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020.
A recently identified malvertising campaign targeting users of mobile and other connected devices makes heavy use of obfuscation and cloaking to avoid detection.
Far Too Many Organizations Are Still Failing to Develop Intelligence Requirements Based on the Needs of Their Stakeholders
Snort 3 was officially released on Tuesday and users have been advised to switch to Snort 3 from any previous version of the popular intrusion prevention and intrusion detection system (IPS/IDS).
Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.
Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report.
Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash.
A recently identified piece of malware is targeting Linux devices to ensnare them into a botnet capable of malicious activities such as distributed denial of service (DDoS) and crypto-mining attacks.
Cybersecurity firm Malwarebytes on Tuesday revealed that it too was targeted by the hackers who breached the systems of Texas-based IT management company SolarWinds as part of a sophisticated supply chain attack.
Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks.
FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds.
The VPNFilter malware is still present in hundreds of networks and malicious actors could take control of the infected devices, according to researchers at cybersecurity firm Trend Micro.
Microsoft this week announced that it has enabled automatic threat remediation in Microsoft Defender for Endpoint for users who opted into public previews.
Backup-as-a-service (BaaS) provider Rewind on Tuesday announced it has raised $15 million in Series A funding. Founded in 2015, the Ottawa, Canada-based company helps customers secure business-critical software-as-a-service (SaaS) application and cloud data, and claims more than 80,000 organizations in over 100 countries rely on its solutions.
The threat group behind the supply chain attack that targeted Texas-based IT management company SolarWinds leveraged a piece of malware named Raindrop for lateral movement and deploying additional payloads, Broadcom-owned cybersecurity firm Symantec reported on Tuesday.
Swimlane, a provider of security orchestration, automation and response (SOAR) solutions, announced today that it has raised $40 million in growth funding.
The OpenWrt Project, the developer of the open source Linux operating system for embedded devices, informed users on Monday that someone had breached its forum over the weekend.
The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.
A researcher claimed last week that he managed to take control of the country code top-level domain (ccTLD) for the Democratic Republic of Congo after an important domain name was left to expire.