How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
Norman Foster speaks on creating Apple Park's iconic spaceship campus
Norman Foster, the man responsible for Apple Park's iconic design, sat down for a new interview to talk about that process and his time with late CEO Steve Jobs. Apple has called Cupertino, California, a home for quite some time. From 1993 u.....»»
Carbon assurance likely to become mandatory, says study
Carbon assurances within the corporate environment are likely to become mandatory in the future, and companies that already have systems in place to track and account for carbon emissions would reap the benefits, research from Edith Cowan University.....»»
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system. VMware owner.....»»
Hackers exploit VMware vulnerability that gives them hypervisor admin
Create new group called "ESX Admins" and ESXi automatically gives it admin rights. Microsoft is urging users of VMware’s ESXi hypervisor to take immediate action to ward off ongoing attac.....»»
Avocado genome assembled: Uncovering disease resistance and fatty acid secrets
The avocado, celebrated for its nutritious unsaturated fats and distinctive flavor, encounters notable agricultural challenges, particularly its vulnerability to diseases that can drastically reduce fruit quality and yield......»»
Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cyber Infrastructure Acronis is a privately held Swiss cybersecurity and data protection technology comp.....»»
Virus that causes COVID-19 is widespread in wildlife, scientists find
SARS-CoV-2, the virus responsible for COVID-19, is widespread among wildlife species, according to Virginia Tech research published July 29, 2024 in Nature Communications. The virus was detected in six common backyard species, and antibodies indicati.....»»
Most CISOs feel unprepared for new compliance regulations
With the new stringent regulations, including the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, a significant challenge is emerging for many organizations, according to Onyxia Cyber. CI.....»»
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for.....»»
Typhoon Gaemi displaces nearly 300,000 in eastern China
Authorities evacuated nearly 300,000 people and suspended public transport across eastern China on Friday, as Typhoon Gaemi brought torrential rains already responsible for five deaths in nearby Taiwan......»»
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. A.....»»
Environmental pollution and human health—how worried should we be?
If not the root of all evil, chemical pollution is surely responsible for a good chunk of it. At least, that's how it feels sometimes when reading the news and the latest research......»»
Naming and shaming domestic violence perpetrators doesn't work to keep women safe, researcher says
Recent survey results show 25% of Australians agree that women who do not leave abusive relationships are partly responsible for the abuse continuing. This stubbornly common attitude demonstrates that victim-survivors are still being held responsible.....»»
Vulnerability in Telegram app for Android allows sending malicious files disguised as videos
ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Example of how the EvilVideo exploit appears on Telegram (source:.....»»
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one.....»»
Grype: Open-source vulnerability scanner for container images, filesystems
Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazo.....»»
Vulnerability in Cisco Smart Software Manager lets attackers change any user password
Yep, passwords for administrators can be changed, too. Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, in.....»»
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Tre.....»»
Firmware update hides Bluetooth fingerprints
A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability. Blue.....»»
AT&T hack: Carrier paid ransom for data; delayed public disclosure at request of FBI
More details are coming to light about the AT&T hack, which saw the personal data of around 110M customers compromised – including records of who they called and texted. It’s reported that the carrier made a Bitcoin ransom payment in return fo.....»»