How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)
A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in th.....»»
The politics of alternative proteins studied through notions of competition, definitions, labeling
A study by QUT researchers has looked at the politics of alternative proteins (new meat alternatives) in Australia as lawmakers grapple with notions of competition, definitions and labeling......»»
Most older iPhones, Macs, and iPads are vulnerable to a new GPU security flaw
A security flaw named LeftoverLocals lets attackers access data that has been processed in a device's GPU, and while Apple says A17 iPhone and M3 Macs have fixes, older models do not. The repo.....»»
As abandoned boats pile up in California waters: Who is responsible for the environmental damage?
On Jan. 2, a 27-foot sailboat sank off the southern coast of Alameda in stormy weather. Rescue crews saved the man on board, but the ship landed beside a long rock wall jutting from the island......»»
Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)
Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions 8.5.....»»
Why we must bring order to cyber vulnerability chaos
Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)
A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer. About the malware: Phemedrone Stealer is a piece of ma.....»»
Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)
Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591: CVE-2024-21591 is an out-of-bounds write vulnerability that could a.....»»
Vision Pro appointments might not be mandatory, but Apple’s inviting you to try it anyway
Reports preceding Apple’s Vision Pro release date announcement said buyers would have to go to Apple retail stores to pick up the spatial computer, but .....»»
Candida evolution disclosed: New insights into fungal infections
Global fungal infections, which affect 1 billion people and cause 1.5 million deaths each year, are on the rise due to the increasing number of medical treatments that heighten vulnerability. Patients undergoing chemotherapy or immunosuppressive trea.....»»
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have two-factor authentication enabled on their account are safe from account takeo.....»»
UK's antitrust agency is going to put the screws to US big tech in 2024
Now that 2024 has arrived, the Competition and Markets Authority that will be responsible for big tech antitrust decisions in the UK has made it clear that when it is fully empowered it will immediately launch several investigations against US big te.....»»
New rice lines for Africa offer virus protection
Rice yellow mottle virus (RYMV) is responsible for high crop losses in Africa, particularly among small-scale farmers. A research team has now produced rice lines that are resistant to the disease by means of genome editing......»»
Apple releases Magic Keyboard firmware update with fix for Bluetooth security vulnerability
Apple has released a new firmware update for its Magic Keyboard accessory. The company says that this update addresses a Bluetooth security vulnerability and is available now for a handful of different wireless Magic Keyboard versions......»»
Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)
Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system. Cisco Unity Connection is a unified messaging a.....»»
Apple patches security flaw that allowed Magic Keyboard Bluetooth connections to be faked
After a public disclosure in December, Apple has issued a firmware update for the Magic Keyboard to block a security flaw that allowed an attacker to enter keystrokes through a cloned keyboard connection. The now-patched vulnera.....»»
Scientists tame chaotic protein fueling 75% of cancers
MYC is the shapeless protein responsible for making the majority of human cancer cases worse. UC Riverside researchers have found a way to rein it in, offering hope for a new era of treatments......»»
AirDrop crack: Apple was made aware of the vulnerability in 2019
The security vulnerability which seemingly led to an AirDrop crack by a Chinese state institute has been known to Apple since at least 2019, according to a new report. Some new details are also emerging about how China is able to obtain the phone.....»»
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)
A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution. Cacti is often used in network op.....»»
Meat and dairy industry's attempt to change how we measure methane emissions would let polluters off the hook
Lobbyists from major polluting industries were out in force at the recent UN climate summit, COP28. Groups representing the livestock industry, which is responsible for around 32% of global methane emissions, want to increase their use of a new way o.....»»