How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)
Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execu.....»»
15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code exe.....»»
Fluent Bit vulnerability threatens almost all popular cloud platforms
Super popular logging tool comes with a major flaw that could result in sensitive information leakage......»»
The challenges of GenAI in fintech
Due to the cybersecurity disclosure rules the Securities and Exchange Commission (SEC) has adopted in 2023, public entities in the US are required to disclose any material cybersecurity incidents. Moving forward, these organizations will need in-dept.....»»
PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)
Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. About CVE-2024-22026 Ivanti Endpoint Manager Mobile (formerly.....»»
Colorado"s demand for water is slated to surpass supplies by 2050: Did lawmakers do enough to address the crisis?
As Colorado's rivers shrink and its soils dry out, state lawmakers this year passed a slew of water bills that advocates say will help reduce water use and protect the critical natural resource......»»
U.S. Supreme Court backs consumer finance watchdog agency"s funding mechanism
Many conservatives and their Republican allies have portrayed the CFPB as part of an overbearing "administrative state," the network of agencies responsible for the array of federal regulations affecting businesses and individuals......»»
Is an open-source AI vulnerability next?
AI has captured widespread interest and offers numerous benefits. However, its rapid advancement and widespread adoption raise concerns, especially for those of us in cybersecurity. With so much interest, there are lots of insecure applications findi.....»»
Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)
For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 CVE-2024-4947 is a type confusion vulnerability in V8, Chrome’s JavaScript and.....»»
Cybersecurity analysis exposes high-risk assets in power and healthcare sectors
Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty. Organizations must take a holistic approach to exposure management T.....»»
Cybersecurity jobs available right now: May 15, 2024
Associate / Pentester (Red Team) – Cybersecurity Audit Siemens | Germany | Hybrid – View job details As an Associate / Pentester (Red Team) – Cybersecurity Audit, you will be responsible for conducting cybersecurity assess.....»»
8 automakers misled customers about giving driver data to police, lawmakers say
The lawmakers' findings raise questions about whether automakers can be held to account for departing from promises made about user privacy......»»
Tailoring responsible AI: Defining ethical guidelines for industry-specific use
In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires balanci.....»»
Critical vulnerabilities take 4.5 months on average to remediate
Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight. Organizations struggle.....»»
How AI affects vulnerability management in open-source software
In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch managemen.....»»
Red teaming: The key ingredient for responsible AI
Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advancement. On the other hand, they must ensure strict compliance with ethical standards and regulator.....»»
Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Servic.....»»
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigg.....»»
Google patches its fifth zero-day vulnerability of the year in Chrome
Exploit code for critical "use-after-free" bug is circulating in the wild. Enlarge (credit: Getty Images) Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to exe.....»»
NHTSA clarifies odometer disclosure rule, paving path for digitized registration
Electronic signatures are permitted on all odometer disclosures, a clarification that could be crucial to the movement to digitize title and registration processes......»»