How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
Codenotary Trustcenter 4.0 helps customers prioritize and address software security issues
Codenotary announced Trustcenter 4.0 with sophisticated capabilities to manage data in the VEX (Vulnerability Exploitability eXchange) format with a newly-designed search engine guided by ML. With the latest Trustcenter, vulnerability information con.....»»
Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers
Telecommunications company Comcast has confirmed a breach that exposed personal information of more than 35.8 million Xfinity customers. Exploiting Citrix Bleed to breach Xfinity CVE-2023-4966 (aka Citrix Bleed) – an information disclosure v.....»»
macOS Sonoma 14.2.1 patches screen sharing flaw that exposes random windows
Apple has released iOS 17.2.1 and macOS Sonoma 14.2.1. Notably, the latter includes a patch for a vulnerability with screen sharing that can show others content from random “spaces” on your Mac when it looks like your desktop is empty. Here are t.....»»
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)
Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin at.....»»
Nanoparticles with antibacterial action could shorten duration of tuberculosis treatment
A low-cost technology involving nanoparticles loaded with antibiotics and other antimicrobial compounds that can be used in multiple attacks on infections by the bacterium responsible for most cases of tuberculosis has been developed by researchers a.....»»
As Beeper Mini broken for most, lawmakers call for antitrust investigation
Our sister site 9to5Google yesterday reported that Beeper Mini is now broken for most users – no longer allowing Android users to send and receive iMessages – after Apple took further steps to block the app. A bipartisan group of lawmakers is.....»»
Creating a formula for effective vulnerability prioritization
In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset inventor.....»»
Week in review: Apache Struts vulnerability exploit attempt, EOL Sophos firewalls get hotfix
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SCS 9001 2.0 reveals enhanced controls for global supply chains In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA,.....»»
UK project enhances legal understanding for legally accountable 10-year-olds, research finds
Most Year 5 children will know little about the law and their rights, yet at the stroke of midnight on their 10th birthday, they become criminally responsible in England, Wales, and Northern Ireland......»»
Sex chromosomes responsible for much more than determining sex, study shows
Human sex chromosomes originated from a pair of autosomes, the ordinary or non-sex chromosomes that contain the majority of our genome and come in identical pairs. That ancestral pair of autosomes diverged to become two different chromosomes, X and Y.....»»
Novel bacteria identification methods might help speed up disease diagnosis
Pseudomonas aeruginosa is a bacterial strain that can be responsible for several human diseases. The most serious include malignant external otitis, endophthalmitis, endocarditis, meningitis, pneumonia, and septicemia......»»
Making fossil fuel companies accountable for their products' emissions would support the clean energy transition
I recently found myself among a group of alarmed scientists, writing a fervent plea to the European Commission to be more ambitious when it comes to corporate greenhouse gas reporting requirements. Our open letter calling for comprehensive disclosure.....»»
New understanding of ancient genetic parasite may spur medical breakthroughs
A multidisciplinary study published in Nature has elucidated the structure of the machinery responsible for writing much of our "dark genome"—the 98% of our DNA that has largely unknown biological function. These results may spur entirely novel tre.....»»
Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)
Attackers are trying to leverage public proof-of-concept (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the parameter .....»»
GuardRail: Open-source tool for data analysis, AI content generation using OpenAI GPT models
GuardRail OSS is an open-source project delivering practical guardrails to ensure responsible AI development and deployment. GuardRail: Tailored to an organization’s AI needs GuardRail OSS offers an API-driven framework for advanced data analysis,.....»»
COP28's commitment to transforming farming and food systems is an insult to Africans
Globally, food systems are unsustainable: 80% of the production of food is powered by fossil fuels. The food system is responsible for over one-third of global greenhouse gas emissions. It is the primary driver of biodiversity loss. The COP28 climate.....»»
New genetic vulnerability to herbicide found in nearly 50 sweet and field corn lines
When a sweet corn breeder reached out in 2021 to report severe injury from the herbicide tolpyralate, Marty Williams hoped it was a fluke isolated to a single inbred line......»»
How worried should we be about the “AutoSpill” credential leak in Android password managers?
This newly discovered vulnerability is real, but it's more nuanced than that......»»
EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In.....»»
CVS, Rite Aid, Walgreens hand out medical records to cops without warrants
Lawmakers want HHS to revise health privacy law to require warrants. All of the big pharmacy chains in the US hand over sensitive medical records to law enforcement without a w.....»»