Eclypsium Automata discovers vulnerabilities in IT infrastructure
Eclypsium launches Automata, a new AI-assisted feature for its digital supply chain security platform. Available now, Automata is an automated binary analysis system that replicates the knowledge and tooling of expert security researchers to discover.....»»
Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach. Infrastructure used to maintain and distribute the Linux operating syste.....»»
FireMon Asset Manager 5.0 improves situational awareness
FireMon released FireMon Asset Manager 5.0. This new version of its solution provides real-time cyber situational awareness of an organization’s infrastructure, brings with it improved manageability, extends integration with other platforms, and fu.....»»
Early retirement of old vehicles won't save the planet, says study
Lifespan caps for passenger vehicles have limited effect on reducing greenhouse gas emissions and could drive up costs and material use, finds a new study published in Environmental Research: Infrastructure and Sustainability. The research shows that.....»»
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)
For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based b.....»»
Study discovers distinct population of "troublemaker" platelet cells appear with aging
As people age, they become more prone to blood clotting diseases, when blood cells called platelets clump together when they don't need to and can cause major issues such as strokes and cardiovascular disease. For decades, scientists have studied why.....»»
Black Basta ransomware group is imperiling critical infrastructure, groups warn
Threat group has targeted 500 organizations. One is currently struggling to cope. Federal agencies, health care associations, and security researchers are warning that a ransomware group tr.....»»
Critical vulnerabilities take 4.5 months on average to remediate
Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight. Organizations struggle.....»»
How AI affects vulnerability management in open-source software
In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch managemen.....»»
Study discovers cellular activity that hints recycling is in our DNA
Although you may not appreciate them, or have even heard of them, throughout your body, countless microscopic machines called spliceosomes are hard at work. As you sit and read, they are faithfully and rapidly putting back together the broken informa.....»»
New infosec products of the week: May 10, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium, ExtraHop, Forcepoint, SentinelOne, Splunk, Sumo Logic, and Trellix. AuditBoard enhances InfoSec S.....»»
Cybercriminals are getting faster at exploiting vulnerabilities
Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. It’.....»»
How local journalism boosts support for fixing crumbling infrastructure
Strong local newspapers are tied to greater support for funding dams, sewers, and other basic infrastructure vital to climate resilience, according to a new study by researchers at UCLA and Duke University......»»
TESS discovers a rocky planet that glows with molten lava as it's squeezed by its neighbors
UC Riverside astrophysicist Stephen Kane had to double-check his calculations. He wasn't sure the planet he was studying could be as extreme as it seemed......»»
F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP Next Central Manager. About the vulnerabilities BIG-IP Next is “a comp.....»»
CISA starts CVE “vulnrichment” program
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is fai.....»»
Critical vulnerabilities in BIG-IP appliances leave big networks open to intrusion
Hackers can exploit them to gain full administrative control of internal devices. Researchers on Wednesday reported critical vulnerabilities in a widely used networking appliance that leave.....»»
Plug-in EVs, traditional hybrids share similar slice of retail market in different areas, Urban Science says
Public charging infrastructure must be available in the right locations before most consumers will consider an EV, Urban Science said......»»
SentinelOne Singularity Cloud Native Security simulates harmless attacks on cloud infrastructure
Attackers are targeting the scope and scale of the cloud to run rapid and coordinated threat campaigns. A new approach is needed to defend against them, and SentinelOne is delivering it with the launch of Singularity Cloud Native Security. A solution.....»»
Eclypsium offers protection for GenAI hardware infrastructure
Eclypsium announced new GenAI assessment capabilities for its Supply Chain Security Platform. The new capabilities help secure the fundamental layers of the GenAI tech stack through support for NVIDIA hardware and popular GenAI foundation models. As.....»»
U.S. “Know Your Customer” Proposal Will Put an End to Anonymous Cloud Users
Late January, the U.S. Department of Commerce published a notice of proposed rulemaking for establishing new requirements for Infrastructure as a Service providers (IaaS). The proposal boils down to a 'Know Your Customer' regime for companies operat.....»»