How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene…
Study identifies protein responsible for gas vesicle clustering in bacteria
Gas vesicles are hollow structures made of protein found in the cells of certain microorganisms, and researchers at Rice University believe they can be programmed for use in biomedical applications…
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,”…
New infosec products of the week: March 29, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Security, CyberArk, GitGuardian, Legit Security, and Malwarebytes. GitGuardian SCA automates vulnerability detection and prioritization for enhanced…
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV ca…
Scientists identify first negative regulator of NOX4 translation
Nicotinamide adenine dinucleotide phosphate oxidase 4 (NADPH oxidase 4, NOX4) is an important member of the NADPH oxidase family that is primarily responsible for the production of H2O2. The regulation of NOX4 activity is predominantly through protei…
Hate mosquitoes? Who doesn't? But maybe we shouldn't
A blood-sucking nuisance, mosquitoes are responsible for spreading diseases to hundreds of millions of people every year. True?…
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi…
BackBox platform update enhances CVE mitigation and risk scoring
After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as “mitig…
GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health
GitGuardian has released its Software Composition Analysis (SCA) module. SCA directly impacts the health of organizations’ codebase by automating vulnerability detection, prioritization, and remediation in software dependencies. Its additional capa…
Researchers uncover key biomolecule involved in whooping cough infection
Researchers have identified a new complex-carbohydrate biomolecule, or glycan, that plays a key role in the nasal colonization of the Bordetella bacteria responsible for whooping cough. The discovery could make it possible to create a new drug or vac…
This ‘unpatchable’ Mac flaw is keeping me up at night
A newly discovered vulnerability could leave Apple Silicon Macs wide open to malicious hacker attacks -- and it looks like the flaw can’t even be patched…
Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Outsmarting cybercriminal innovation with strategies for enterprise resilience In this Help Net Security interview, Pedro Cameirão, Head of Cyber D…
Cocoa beans are in short supply: What this means for farmers, businesses and chocolate lovers
A shortage of cocoa beans has led to a near shutdown of processing plants in Côte d'Ivoire and Ghana, the two countries responsible for 60% of global production. With chocolate makers around the world reliant on west Africa for cocoa, there is signi…
Hackers can unlock over 3 million hotel doors in seconds
Saflok has a fix for the vulnerability, but patching may take a long time. (Image: A Saflok branded lock; credit: Dormakaba) When thousands of security researchers descend on Las Vegas every August for what's come to…
Apple Silicon vulnerability leaks encryption keys, and can't be patched easily
A new vulnerability in Apple Silicon chips can allow a determined attacker to access a user's data by stealing the cryptographic keys — and a fix could considerably impact encryption performance. (Image: Apple Silicon M2 in front of a MacBook) Researchers hav…
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance. (Image credit: Aurich Lawson | Apple) A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extra…
Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware
Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-20…
Secrets sprawl: Protecting your critical secrets
Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messa…
Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)
Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it R…
1% of users are responsible for 88% of data loss events
Data loss is a problem stemming from the interaction between humans and machines, and ‘careless users’ are much more likely to cause those incidents than compromised or misconfigured systems, according to Proofpoint. While organizations a…