How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
Net zero plans show limited climate ambition on "residual" emissions
New research by the University of East Anglia (UEA) reveals what countries think will be their most difficult to decarbonize sectors when they reach net zero, with agriculture expected to be responsible for the largest remaining emissions......»»
CISA starts CVE “vulnrichment” program
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is fai.....»»
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services.....»»
Cybersecurity jobs available right now: May 8, 2024
CISO Pinsent Masons | United Kingdom | Hybrid – View job details As a CISO, you will be responsible for the overall security posture of the organisation, ensuring the organisation’s information and technology assets are protected fr.....»»
U.S. Government Needs to ‘Get It Right’ on Artificial Intelligence
“We can't afford to get this wrong—again,” Shalanda Young, the director of the Office of Management and Budget, tells TIME. Artificial intelligence has been a tricky subject in Washington. Most lawmakers agree that it poses.....»»
Discharge of scrubber water into the Baltic Sea is responsible for hundreds of millions in costs
Discharge from ships with so-called scrubbers cause great damage to the Baltic Sea. A new study from Chalmers University of Technology, Sweden, shows that these emissions caused pollution corresponding to socioeconomic costs of more than €680 milli.....»»
Novel attack against virtually all VPN apps neuters their entire purpose
TunnelVision vulnerability has existed since 2002 and may already be known to attackers. Enlarge (credit: Getty Images) Researchers have devised an attack against nearly all virtual private network applications that forc.....»»
Microsoft warns of new Android app vulnerability
Microsoft has discovered a new Android app vulnerability that has the potential for malicious apps to rewrite existing apps. The post Microsoft warns of new Android app vulnerability appeared first on Phandroid. Due to the ever-evolving na.....»»
Domestic violence disclosure schemes: Part of the solution to improving women"s safety or an administrative burden?
The spotlight is yet again shining on the national crisis of violence against women in Australia, and the calls for increased action and improved responses to all forms of domestic, family and sexual violence has intensified over the last three weeks.....»»
Maximum-severity GitLab flaw allowing account hijacking under active exploitation
The threat is potentially grave because it could be used in supply-chain attacks. Enlarge A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under act.....»»
The 2024 Acura ZDX Type-S: This electric SUV feels polished but heavy
It's a badge-engineered Ultium EV, but Acura is responsible for all the software. Enlarge / When fitted with the optional carbon-fiber appearance pack, the ZDX manages to give off station wagon vibes. But others thought it looked.....»»
Cybersecurity jobs available right now: May 1, 2024
Adversary Simulation Specialist LyondellBasell | Poland | On-site – View job details The Adversary Simulation Specialist will be responsible for testing and evaluating the security of a LyondellBasell’s networks, systems, and applic.....»»
Why cloud vulnerabilities need CVEs
When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and how you manage risk within these different paradigms and environments (e.g., the cloud). Patch net.....»»
Apple has ‘secretive’ advanced AI lab in Europe; poached specialists from Google
A new report today says that Apple has created a ‘secretive’ advanced AI lab in Europe, and it’s this facility which is responsible for some of its most ground-breaking artificial intelligence work. The same report suggests that most of Appl.....»»
ThreatX provides always-active API security from development to runtime
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle......»»
UK enacts IoT cybersecurity law
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure poli.....»»
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix. Enlarge (credit: Getty Images) Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-.....»»
What it takes to make AI responsible in an era of advanced models
What it takes to make AI responsible in an era of advanced models.....»»
Secureworks enables users to view known vulnerabilities in the context of threat data
Secureworks announced the ability to integrate vulnerability risk context with threat detection to prevent attackers from exploiting known vulnerabilities and expedite response times, improving an organization’s security posture. The integration be.....»»
PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)
More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulner.....»»