Top cybersecurity M&A deals for 2022

Read Time:38 Second

The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period in 2020. That trend is likely to continue in 2022.

Many of the 2021 transactions CSO reported were in the identity and cloud security markets, especially toward the end of the year. This trend is likely to continue as these markets consolidate.

In all markets, larger firms are looking to expand their capabilities. Recorded Future’s acquisition of SecurityTrails is an early 2022 example, as it adds attack surface monitoring technology to Recorded Future’s offerings.

To read this article in full, please click here

Read More

CVE-2021-32692

Read Time:31 Second

Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visiting a website with the page title set to a malicious string. An attacker could use another application to accomplish the same, but the web browser is the most likely attack vector. This issue is patched in version 0.11.0. As a workaround, users can run the latest version of aw-watcher-window from source, or manually patch the `printAppTitle.scpt` file.

Read More

webkitgtk-2.38.3-1.fc37

Read Time:22 Second

FEDORA-2022-4b0c87af0c

Packages in this update:

webkitgtk-2.38.3-1.fc37

Update description:

Update to 2.38.3:

Fix runtime critical warnings from media player.
Fix network process crash when fetching website data on ephemeral session.
Fix the build with Ruby 3.2.
Fix several crashes and rendering issues.
Security fixes: CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699, CVE-2022-46700

Read More

webkit2gtk3-2.38.3-1.fc36

Read Time:22 Second

FEDORA-2022-71121c44a4

Packages in this update:

webkit2gtk3-2.38.3-1.fc36

Update description:

Update to 2.38.3:

Fix runtime critical warnings from media player.
Fix network process crash when fetching website data on ephemeral session.
Fix the build with Ruby 3.2.
Fix several crashes and rendering issues.
Security fixes: CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699, CVE-2022-46700

Read More

CVE-2020-26302

Read Time:24 Second

is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop “forever.” This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue.

Read More