How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
As if two Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3
Hackers looking to diversify began mass exploiting a new vulnerability over the weekend. Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN.....»»
Study challenges classical view of the Antarctic Circumpolar Current origin and warns of its vulnerability
The Circumpolar Current works as a regulator of the planet's climate. Its origins were thought to have caused the formation of the permanent ice in Antarctica about 34 million years ago. Now, a study led by the University of Barcelona, the Instituto.....»»
Security Bite: Use these iPhone privacy and security features in iOS 17.3, more
Last week on Security Bite, I discussed a vulnerability in Stolen Device Protection, a newly added security feature in iOS 17.3. Vision Pro has since hit the market and has been dominating the headlines. This Sunday, I wanted to give your feed fresh.....»»
Senate hearing on social media: Zuckerberg apologises to families; bizarre racism
The Senate hearing on social media saw Meta CEO Mark Zuckerberg apologise to families who hold social media responsible for children who harmed themselves, including some who took their own lives. It also saw some bizarre racism by one senator who.....»»
CVEMap: Open-source tool to query, browse and search CVEs
CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although.....»»
Custom rules in security tools can be a game changer for vulnerability detection
In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning. Stressing the need to avoid slowing down the process, he recommends a nuanced approach, utilizing custo.....»»
Lawmakers want U.S. to probe four Chinese firms involved in Ford battery plant
The chairs of two U.S. House committees asked the Biden administration to investigate four Chinese companies they say are involved in Ford Motor's planned Michigan battery plant, according to a letter seen by Reuters......»»
Reddit: IP Address Disclosure Puts User Anonymity At Risk
A third attempt by film companies to obtain information on Reddit users is facing opposition from the social media platform. The rightsholders, who want to use comments posted to Reddit as evidence in a lawsuit against an ISP, argued that disclosing.....»»
The effect of omission bias on vulnerability management
Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vul.....»»
PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)
Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based.....»»
Update your Apple devices, because the latest releases patched a major security flaw
Apple's latest updates to all its operating systems, from macOS Sonoma to tvOS 17.3, included a fix to prevent a WebKit security vulnerability that the company says has been exploited. Researchers show how a GPU vulnerability could be exploited. Alongsid.....»»
Methane pulses on Mars possibly driven by atmospheric pressure changes
New research shows that atmospheric pressure fluctuations that pull gases up from underground could be responsible for releasing subsurface methane into Mars's atmosphere; knowing when and where to look for methane can help the Curiosity rover search.....»»
19 Types of Architects and Careers to Follow
Architects are professionals who design and plan buildings and other structures. They are responsible for creating functional, safe, sustainable, and aesthetically pleasing spaces. Architects also collaborate with engineers, contractors, clients, and.....»»
Apple debuts new feature to frustrate iPhone thieves
Besides fixing an actively exploited zero-day vulnerability, the latest update for the iOS 17 branch offers a new feature to help you protect your accounts and sensitive information in case your iPhone gets stolen. Stolen Device Protection If enabled.....»»
Attackers can steal NTLM password hashes via calendar invites
A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev.....»»
Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)
A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vuln.....»»
Out with the old and in with the improved: MFA needs a revamp
From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly find new and creative ways to gain access to sensitive information. This.....»»
FCC chair defends broadband discounts for poor people against Republican attack
Lawmakers criticized FCC for something that was decided by Congress, chair says. FCC Chairwoman Jessica Rosenworcel at a Senate subcommittee hearing on September 19, 2023 in Washington, DC. (credit: Getty Images | The.....»»
AMD and Apple face a dangerous new security flaw
Researchers just discovered a new vulnerability that allows hackers to steal data and affects Apple, AMD, and Qualcomm......»»