Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge

Microsoft is offering up to $30,000 for vulnerabilities found in the new version of its Edge browser. Microsoft this week announced the release of the first Beta preview of the upcoming version of Edge, which is based on Chromium. The company also unveiled a new bug bounty program that gives researchers the opportunity to earn significant bounties for responsibly disclosing vulnerabilities in the new Edge. According to Microsoft, the…

READ MORE

Claroty Releases Free Diagnostic Tool for Urgent/11 Vulnerabilities

Industrial cybersecurity firm Claroty this week released a free and open source tool designed to help organizations check whether their operational technology (OT) devices are vulnerable to Urgent/11 attacks. IoT security firm Armis recently disclosed 11 vulnerabilities affecting the VxWorks real time operating system (RTOS). The flaws, collectively tracked as Urgent/11, can allow a remote attacker to take control of impacted systems. The flaws affect VxWorks versions 6.9.4.11, Vx7…

READ MORE

Hackers Target Vulnerabilities in Fortinet, Pulse Secure Products

Recently disclosed vulnerabilities affecting enterprise virtual private network (VPN) products from Fortinet and Pulse Secure have been exploited in the wild, a researcher reported on Thursday. Researcher Kevin Beaumont said he spotted attempts to exploit the flaws via BinaryEdge. The targeted security holes are CVE-2018-13379, a high-risk path traversal vulnerability in the FortiOS SSL VPN web portal, and CVE-2019-11510, a critical arbitrary file read vulnerability in Pulse Connect Secure.…

READ MORE