Chrome Issues Eleven Security Fixes, Including Two for Zero Day Flaws Exploited in the Wild
Vermilion Strike group has a stealth Linux version of Cobalt Strike Beacon backdoor, Over 61 mil. health and fitness tracker records leaked, Kape Technologies buys Express VPN for $936 mil., more
Don’t miss our special report on Apple’s emergency fix for a zero-click, zero day flaw affecting all Apple products.
Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them zero-days exploited in the wild.
The two zero-day vulnerabilities, both memory bugs, were disclosed to Google on September 8th, 2021. Although the zero days often crash browsers, malicious actors can also exploit them to perform remote code execution, sandbox escapes, and other bad behavior. (Lawrence Abrams / Bleeping Computer)
Researchers at Intezer Labs say that the Vermilion group developed Vermilion Strike, a one-of-a-kind Linux version of the Cobalt Strike Beacon backdoor.
The researchers also say the threat actor group re-wrote the original Windows version of the Beacon backdoor to evade detection. Cobalt Strike Beacon is used to deploy other additional Cobalt Strike components on infected systems. (Catalin Cimpanu / The Record)
President Biden will nominate Alvaro Bedoya, an online privacy expert attorney, for a seat on the Federal Trade Commission.
Bedoya authored a 2016 report that called for Congress to more closely regulate the use of facial recognition software by law enforcement. He was also previously the top lawyer on the privacy subcommittee of the Senate Judiciary Committee. (David McCabe / New York Times)
The Website Planet research team and Security Researcher Jeremiah Fowler discovered a non-password-protected database related to IoT health and fitness tracking devices containing over 61 million records belonging to users worldwide.
The database had multiple references to “GetHealth,” a New York City-based company that offers a unified solution to access health and wellness data from hundreds of wearables, medical devices, and apps. Many of the records contained sensitive personal data, including first and last name, display name, date of birth, weight, height, gender, geolocation, and more. It’s not clear how long these records were exposed or who else may have had access to the dataset. (Jeremiah Fowler / Website Planet)
Private equity firm Siris Capital is in talks to buy cybersecurity company Radware, sources say.
Radware has a market valuation of about $1.7 billion and competes with Cloudflare, F5, and Akamai, protecting corporate websites from targeted denial-of-service attacks by malicious actors. (Alex Sherman / CNBC)
Kape Technologies agreed to buy VPN provider ExpressVPN for $936 million in a deal that will more than double the cybersecurity company's customer base and expand its tools for private web surfing.
Kape will pay $354 million in cash when the deal closes and the equivalent of $237 million in shares, which can be sold after a 24-month lockup. (Amy Thompson / Bloomberg)
Cyber risk management company Tenable announced a deal to buy cloud-native security company Accurics Tenable for $160 million in cash.
After the acquisition is completed, Tenable will integrate Accurics’ solutions with its container security and web scanning products. (Kyle Wiggers / Venture Beat)
Consulting firm and top MSSP company Booz Allen announced it had acquired threat intelligence, DFIR, remediation, and cyber risk and resilience management company Tracepoint.
Tracepoint will integrate with Booz Allen’s Commercial Cyber business in early 2022. (Joe Panettieri / MSSP Alert)
According to people familiar with the matter, credit rating agency TransUnion is nearing a deal to buy information-services company Neustar Inc. for $3.1 billion.
Neustar, which primarily uses analytics and modeling to help businesses identify potential customers and determine which ads to serve them, also provides cybersecurity services. (Cara Lombardo / Wall Street Journal)