Mozilla and Google release second batch of patches in one week

scmagazine | April 09, 2020

Mozilla and Google each took the unusual step of rolling out a second wave of security updates in less than a week. Mozilla covered six issues while Google had 32 to secure. Mozilla’s latest patches again cover Firefox 74 and Firefox ESR ESR 68.6, but unlike the flaws addressed in the earlier update, these vulnerabilities are not being exploited in the wild. The latest batch covers six issues: the high-rated CVE-2020-6826, CVE-2020-6825 and CVE-2020-6821, and the moderate-rated CVE-2020-6822, CVE-2020-6823 and CVE-2020-6824.CVE-2020-6826, CVE-2020-6825 patch memory safety bugs, found in both Firefox and Firefox ESR, that could be exploited to run arbitrary code. CVE-2020-6821 covers a problem where uninitialized memory could be read when using the WebGL copyTexSubImage method, potentially leading to sensitive data disclosure.

Spotlight

Whether it is absorbing an acquisition with a mixed technology stack, or managing security for operating companies rolling out a uniform technology stack, GreyMatter enables you to streamline security operations so you can increase visibility, reduce complexity, and manage risk.


Other News
PLATFORM SECURITY,SOFTWARE SECURITY

Stellar Cyber Integrates with Netskope to Deliver World-Class User Context, Speeding Investigations and Improving Security Outcomes

Stellar Cyber | December 20, 2022

Stellar Cyber, the innovator of Open XDR, today announced a new integration with Netskope, a global leader in secure access service edge (SASE). This powerful integration makes it easy for enterprise and MSSP users of the Stellar Cyber Open XDR platform to improve visibility of risks and threats by incorporating the rich user-centric data generated by Netskope in every investigation conducted by their security analysts. Under this integration, Netskope maintains visibility and control across five lanes of user traffic, including web, managed SaaS, unmanaged SaaS, cloud service providers, and public-facing custom apps in one single-pass cloud architecture. At the same time, Stellar Cyber ingests, normalizes, and analyzes Netskope data and all other collected data to identify potential threats creating prioritized, investigation-ready incidents. As security analysts complete incident investigations, Stellar Cyber automatically initiates response actions to third-party products integrated into the solution, including Netskope. “Making it easy for our customers that use Stellar Cyber to incorporate Netskope’s valuable user insights into their investigations is another way for us to bring them new levels of security visibility. “Making security analysts more productive means attacker dwell time decreases, reducing the risk of breach across our customer's environment.” Andy Horwitz, VP of Business Development at Netskope “Automatically incorporating Netskope’s rich user data into every investigation in the Stellar Cyber platform adds critical context that previously required significant manual effort, which should be especially important to customers with lean security teams focused on reducing the workload on their SOC analysts,” said Andrew Homer, VP, Technology Alliances at Stellar Cyber. “With this integration, we continue to deliver what our customers, and the market, expect.” About Stellar Cyber Stellar Cyber’s Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Spotlight

Whether it is absorbing an acquisition with a mixed technology stack, or managing security for operating companies rolling out a uniform technology stack, GreyMatter enables you to streamline security operations so you can increase visibility, reduce complexity, and manage risk.

Resources