Hackers, which Microsoft says in high confidence are based in China and have been dubbed DEV-0322, exploited the zero-day CVE-2021-35211 vulnerability.

“Just because you turn off the lights doesn’t mean the cockroaches aren’t there. You just can’t see them,” Cisco's Bob Everson said.

RiskIQ integrations could allow Microsoft to “do some pretty amazing things around attack surface management,” Forrester senior analyst Brian Kime said.

Microsoft buys ReFirm Labs for an IoT security boost; Illumio reaches a $2.75 billion valuation; and other M&A and VC news from June 2021.

The software giant released its annual bug bounty review just days after disclosing a critical Windows bug dubbed PrintNightmare.

“There is hundreds of millions of dollars flowing into this illicit marketplace right now and, unfortunately, things are gonna get worse,” Cisco Talos threat researcher Nick Biasini said.

Deutsche Telekom activated its “O-RAN Town;” Cisco closed its Kenna Security acquisition; and June’s hirings, firings, and retirings shook up industry exec teams.

Only about 3% to 5% of an organizations’ vulnerabilities are actually susceptible to an attack, Kenna CEO Karim Toubba said: “The name of the game is precision.”

This isn’t a pivot for the SDN pioneer, but rather an “expansion of the field of view,” said CTO and co-founder Brandon Heller.

AT&T divested its entertainment business; Cisco went on a buying spree; and tons of venture financing deals are part of the May Money Moves.

Huawei wants to prove security critics wrong; ransomware gangs provide security tips; and Verizon pushed private 5G for enterprises.

The FBI and ransomware gangs agree on this one point: If you don’t want to be the next Colonial Pipeline or JBS, use strong passwords.

Huawei is outraged by claims that it is acting as a global spying apparatus for the Chinese government and willing to give its critics unrestricted access to test and

ReFirm built its firmware analysis technology on Binwalk open source software, the international standard for extracting firmware images used by more than 50,000 global organizations.

AT&T Cyber hunts government threats; Netflix and VMware talk security lessons learned; and Palo Alto Networks zeroes in on zero trust.

Also at the RSA Conference, the security vendor published new attack surface data that found global enterprises expose a new, serious security vulnerability every 12 hours.

The timing of the acquisition is notable because the RSA security conference starts on Monday, and Cisco CEO Chuck Robbins will deliver a day 1 keynote.

Microsoft VP charts zero-trust Course; VMware names a new CEO; and Salt shifts API security posture left.

“One of the most important first steps in a zero-trust journey is to establish strong authentication,” Microsoft's Vasu Jakkal said.

The move comes as API vulnerabilities such as those that led to the Experion and Peloton data leaks highlight the need to identify flaws and secure APIs before they

Also this week, the U.S. Department of Energy launched a coordinated effort with CISA to secure the energy sector against cyberattacks.

Cisco joins South Korea's digital push; FBI hacks computers to kill Exchange web shells; and Vodaphone Germany activates Europe's first 5G standalone network.

Also on Tuesday, the NSA alerted Microsoft to more critical vulnerabilities that hackers could use to remotely compromise Exchange email systems.

McAfee sold its enterprise business for $4 billion; VMware joined the cloud-native app security frenzy; and Orca scored a whale of a Series C.