How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
Rocket propellant tanks for NASA"s Artemis III mission take shape
As NASA works to develop all the systems needed to return astronauts to the moon under its Artemis campaign for the benefit of all, the SLS (Space Launch System) rocket will be responsible for launching astronauts on their journey. With the liquid ox.....»»
CVE Prioritizer: Open-source tool to prioritize vulnerability patching
CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effec.....»»
Meet Bilophila wadsworthia—a gut microbe that"s both friend and foe
You may not have heard of hydrogen sulfide, but I bet you'd recognize the smell. Hydrogen sulfide is the gas responsible for the rotten-egg odor that you come across near stagnant water and in drains. This gas is also highly toxic when inhaled......»»
Scientists identify genetic mechanism responsible for plant leaf diversity
Plant leaves come in many different shapes, sizes and complexities. Some leaves are large and smooth, while others are smaller and serrated. Some leaves grow in single pieces while others form multiple leaflets. These variations in leaf structure pla.....»»
SpaceX takes a proactive step toward responsible behavior in orbit
"We commend this commitment as a first step." Enlarge / SpaceX's V2 Mini Starlink satellites awaiting launch. (credit: SpaceX) SpaceX announced this week that it will voluntarily bring down about 100 of its first-generat.....»»
AI-powered romantic chatbots are a privacy nightmare
They collect massive amounts of data with little disclosure about its use. Enlarge (credit: iStock via Getty Images) You shouldn’t trust any answers a chatbot sends you. And you probably shouldn’t trust it with your.....»»
The escalating impact of global warming on atmospheric rivers
Ribbons of water vapor called atmospheric rivers wind through the troposphere, moving the planet's moisture from near the equator toward the poles. These aerial waterways are responsible for about 20%–30% of the annual rain and snow in parts of Eur.....»»
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Ab.....»»
Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)
Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation I.....»»
California"s war on plastic bag use seems to have backfired: Lawmakers are trying again
It was a decade ago when California became the first state in the nation to ban single-use plastic bags, ushering in a wave of anti-plastic legislation from coast to coast......»»
OneTrust platform enhancements accelerate AI adoption
OneTrust announced its newest platform features that make it easier for customers to govern their use of AI and accelerate AI innovation, ensure the responsible use of data across the entire data lifecycle, and achieve compliance program efficiency t.....»»
Decryptor for Rhysida ransomware is available!
Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. Rhysida and its ransomware Rhysida is a relatively new ransomware-as-a-se.....»»
Politically conservative CEOs found to think differently about transparency
As a purely voluntary form of disclosure, management earnings forecasts may tell us as much about the managers themselves as about their company's financial future. All sorts of personality traits may influence the content and cadence of forecasts, b.....»»
Creating a toolkit of yeast strains that over-produce key cellular building blocks
Microbes such as bacteria and yeast are increasingly being used to produce components of medicines, biofuels, and food. Indeed, baker's yeast, also known as brewer's yeast or Saccharomyces cerevisiae, is responsible for the fermentation process used.....»»
Study: "Legacy" phosphorus delays water quality improvements in Gulf of Mexico
The same phosphorous that fertilizes the thriving agriculture of the Midwest is also responsible for a vast "dead zone" in the Gulf of Mexico near the Mississippi Delta. Efforts to reduce the amount of phosphorus that enters the Mississippi River sys.....»»
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attac.....»»
On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with H.....»»
Critical vulnerability affecting most Linux distros allows for bootkits
Buffer overflow in bootloader shim allows attackers to run code each time devices boot up. Enlarge Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the install.....»»
As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3
Hackers looking to diversify began mass-exploiting a new vulnerability over the weekend. Enlarge (credit: Getty Images) Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN s.....»»
Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)
Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability (CVE-2024-23832), over 66% of Mastodon servers out there have been upgraded to close the hole. About Mastodon Mastodon is open-source (serv.....»»