SAP has addressed the Spring4Shell vulnerability, tracked as CVE-2022-22965, impacting its Customer Profitability Analytics, Business One Cloud, and Commerce offerings, as part of this month's Security Patch Day, reports SecurityWeek.
Attackers have been leveraging a novel phishing approach that involves creating an unusual link with an "@" symbol in between, which browsers identify as a legitimate domain, thereby allowing the link to evade security systems, according to Threatpost.
New guidance from the Cloud Security Alliance aims to support delivery organizations with assessing and managing cybersecurity risks to the healthcare supply chain.
VentureBeat reports that Abnormal Security has secured a $210 million investment from a Series C funding round, which will be allocated toward improving its cloud-native email security platform to better mitigate business email compromise and other email-based attacks.
Microsoft has issued a fix for a Windows Local Security Authority spoofing zero-day vulnerability, which could be abused to force domain controller authentication through the Windows NT LAN Manager protocol, BleepingComputer reports.
CyberScoop reports that nearly 75% of all Americans could have their licenses accessed by the Immigration and Customs Enforcement agency, which has already performed face scans on the licenses of at least one-third of all U.S. adults.