How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
Harmless strain of E. coli bacteria may be able to prevent urinary tract infections
Researchers from the Texas A&M College of Veterinary Medicine and Biomedical Sciences (VMBS) and the College of Engineering are collaborating on a project that uses harmless strains of E. coli bacteria to disrupt the bacteria responsible for urinary.....»»
Lower shipping emissions may lead to higher global temperatures
Products that we depend on and use every day arrive by way of massive container ships to ports around the world. But the maritime shipping industry is also responsible for polluting the air and oceans with sulfur dioxide, which can negatively affect.....»»
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior.....»»
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Ve.....»»
Tenable AI Aware provides exposure insight into AI applications, libraries and plugins
Tenable released AI Aware, advanced detection capabilities designed to surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management. Tenable AI Aware provides exposure insight into AI applica.....»»
“MNT Reform Next” combines open source hardware and usable performance
New design has sleeker profile, uses more RAM and better CPU than the original. Enlarge / More streamlined (but still user-replaceable) battery packs are responsible for some of the Reform Next's space savings. (credit: MNT Resea.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to med.....»»
Tech stack uniformity has become a systemic vulnerability
Crashes due to faulty updates are nothing new; in fact, one reason IT teams often delay updates is their unreliability and tendency to disrupt the organization’s day-to-day operations. Zero-days are also an old phenomenon. In the past, due to a lac.....»»
Unlocked, loaded guns more common among parents who give kids firearm lessons
It's unknown if demonstrating responsible handling actually keeps kids safe. Enlarge / A man helps a boy look at a handgun during the National Rifle Association's Annual Meetings & Exhibits at the Indiana Convention Center in Ind.....»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»
Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerability allows Yubico security keys to be cloned Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware se.....»»
Did lawmakers know role of fossil fuels in climate change during Clean Air Act era?
How much was known at the mid-20th century about the dangers of human-caused climate change? A lot more than most Americans think......»»
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an.....»»
Critically endangered California condor shot and killed in Colorado
A rare California condor passing through southwestern Colorado was shot and killed this year, and state and federal authorities on Wednesday asked the public to help track down those responsible......»»
Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited
Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachabil.....»»
Researchers create new tool to analyze embodied carbon in more than 1 million buildings in Chicago
The built environment—which includes the construction and operation of buildings, highways, bridges and other infrastructure—is responsible for close to 40% of the global greenhouse gas emissions contributing to climate change......»»
trackd AutoPilot leverages historical patch disruption data
trackd has released a powerful rules engine that uses its patch disruption data to enable auto-patching with confidence, and based on actual data. “There’s only one reason that vulnerability management exists as a discipline in cyber secu.....»»
Business routers vulnerable to OS command injection attack
Zyxel fixes a 9.8-severity vulnerability in multiple endpoints......»»
Vulnerability allows Yubico security keys to be cloned
Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware security keys and modules that may allow attackers to clone the devices. But the news is not as catastrophic as it may seem at first glance. “The attacke.....»»