Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Again: More emergency patches for Exchange

In week 15 in April, Microsoft published further new patches for critical security holes affecting Microsoft Exchange e-mail servers. It does so one month after the release of emergency patches for Exchange that have been exposed to widespread attacks over the past month. While Microsoft says in its advisory that these new vulnerabilities are not currently being actively attacked, they also make it clear that the vulnerabilities are critical and urge customers to apply these latest patches as soon as possible. Exchange: Emergency patch follows emergency patch Since there are currently ongoing attacks on Exchange servers, the ...

Read more

Vulnerabilities in the ConnectPort X2e device
Fireeye News

In late 2019, the Red Team at Mandiant, a FireEye unit, discovered a number of vulnerabilities in Digi International's ConnectPort X2e device. Mandiant's research focused on the SolarCity (now Tesla) renamed X2e device, which is used to collect data in private solar systems. A typical setup provides that SolarCity provides a customer with a gateway (the X2e device) and this is connected to the Internet via an Ethernet cable in the customer's home network. In this way, the device can interpret and send energy measured values. Hackers have managed to remotely ...

Read more

Sophos is the CVE Numbering Authority

With Sophos, the CVE program has recognized a new authorized participant as a (Common Vulnerability and Exposure) Numbering Authority. Sophos has been recognized as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) in the CVE program. The CVE is an international standard for identifying and naming cybersecurity vulnerabilities. With the inclusion, Sophos is entitled to issue internationally valid CVE IDs for security gaps in its products. The benefit is that security researchers can now work directly with Sophos to assign CVEs for the company's products. This facilitates the reporting processes as well as the assignment ...

Read more

NSA warns of VMware vulnerability
Tenable news

The NSA warns that Russian government-sponsored attackers are exploiting a serious VMware vulnerability. This is the second NSA warning related to government-sponsored Russian activities in 2020. An analysis by Satnam Narang, the Staff Research Engineer, Security Response at Tenable. The vulnerability was reported to VMware by the NSA, which published details in a security advisory, VMSA-23-2020, on November 0027.2rd. At this point, no patches were available, although VMware provided a number of fixes. The analysis CVE-2020-4006 is a security vulnerability caused by command injection in the administrative configurator component in ...

Read more

Trend Micro and Snyk cooperate
Trend Micro News

Trend Micro and Snyk develop a joint solution against open source vulnerabilities. The expansion of the partnership is intended to close the gap between DevOps and IT security. Trend Micro is working with Snyk to develop a new solution for vulnerability management in open source code. This enables security teams to minimize the risk of security gaps in open source code as soon as it is integrated - without interrupting the delivery process. The Japanese IT security provider and the leading company in the developer-first open source security sector are building their strategic partnership out of weak points by 3 times in 2,5 years utilized…

Read more