How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
Tides may be responsible for up to 69% of under-ice melting in an Antarctica ice shelf
The ice shelves—the marine-terminating glaciers of the Antarctic Ice Sheet—are melting, and it's not just because of rising atmospheric temperatures. In a one-two punch, ice shelves in Antarctica are fighting a losing battle against rising temper.....»»
Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vul.....»»
WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April
Vulnerability allows hackers to execute malicious code when targets open malicious ZIP files. A newly discovered zero-day in the widely used WinRAR file-compression program has been exploit.....»»
Ivanti Sentry zero-day vulnerability exploited, patch ASAP! (CVE-2023-38035)
Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to change configuration, run system commands, or write files onto the vulnerable.....»»
Passenger seat belt warnings should be mandatory, say feds
The rule would apply to cars, trucks, and smaller buses. Not all vehicle occupants are protected equally when it comes to car crashes. Until 2017, cars weren't even routinely crash-tested o.....»»
Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035)
Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to change configuration, run system commands, or write files onto the vulnerable.....»»
WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)
RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZI.....»»
The complex world of CISO responsibilities
A Chief Information Security Officer (CISO) plays a crucial role in protecting an organization’s digital assets. They are responsible for ensuring the security of sensitive information, defending against cyber threats, and maintaining data inte.....»»
Trees, rivers and mountains are gaining legal status—but it's not been a quick fix for environmental problems
As the scale and severity of environmental issues become more obvious, lawmakers are experimenting with new ways to protect nature. One approach that has gone from blue-sky debate to meaningful reality over the past 50 years is to give elements of th.....»»
Should I Credit Card?
Getting a credit card is an important part of adult life and will have a significant impact on your finances. Building credit over a longer period of time, and being able to demonstrate that you are financially responsible, is important. However, cre.....»»
New infosec products of the week: August 18, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Action1, MongoDB, Bitdefender, SentinelOne and Netskope. Action1 platform update bridges the gap between vulnerability discovery and remediation Action1 Corp.....»»
New call for joint effort to bolster research integrity
Who's responsible for upholding research integrity, mitigating misinformation or disinformation and increasing trust in research? Everyone, even those reporting on research, says a new article published by leading research integrity experts......»»
How the iconic U.S. Steel became an acquisition target
U.S. Steel's shares were undervalued compared with many of its major peers before the takeover disclosure last week......»»
Study reveals America's wealthiest 10% responsible for 40% of US greenhouse gas emissions
A new study, led by the University of Massachusetts Amherst, reveals that the wealthiest Americans, those whose income places them in the top 10% of earners, are responsible for 40% of the nation's total greenhouse gas emissions. The study, published.....»»
Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)
CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company fixed in June 2023, is being exploited by attackers. GreyNoise flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the C.....»»
Discovery of chikungunya virus's "invisibility shield" may lead to vaccines or treatments
Researchers at Albert Einstein College of Medicine have found that the virus responsible for chikungunya fever can spread directly from cell to cell—perhaps solving the longstanding mystery of how the virus, now emerging as a major health threat, c.....»»
Visualizing the microscopic phases of magic-angle twisted bilayer graphene
A Princeton University-led team of scientists has imaged the precise microscopic underpinnings responsible for many quantum phases observed in a material known as magic-angle twisted bilayer graphene (MATBG). This remarkable material, which consists.....»»
Early disclosure of risks can reduce decline in stocks, study finds
Early, enhanced information provided by a 10-K (an annual report required by the SEC about a company's financial picture) helps investors with risk management, according to new research from the University at Buffalo School of Management......»»
Why the “voluntary AI commitments” extracted by the White House are nowhere near enough
Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI recently convened at the White House for a meeting with President Biden with the stated mission of “ensuring the responsible development and distribution of art.....»»