How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the bene.....»»
Frackers can use dangerous chemicals without disclosure due to “Halliburton loophole”
Fracking industry exempt from disclosure of 28 chemicals regulated by federal law. A fracking rig targets the Marcellus Shale. (credit: Wikimedia Commons) For almost 20 years, US public-health advocates have worried that.....»»
Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)
Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability w.....»»
China mulls mandatory "minor mode" on iPhone to curb youth Internet abuse
Apple, other smartphone makers, and app developers may have to introduce limits to how Chinese children can use devices like iPhone and the apps to run them, if a new proposed law is put into effect. Restricting content for kids: A draft regulation put.....»»
Salesforce and Meta suffer phishing campaign that evades typical detection methods
The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulne.....»»
Score, then rank: Researchers propose an integrated approach to grant review assessments
The public funding of science is responsible for many of the biomedical and other scientific breakthroughs on which our lives depend. However, the process through which funding decisions are made, the peer review of grant proposals, has been historic.....»»
US lawmakers question Tim Cook on Apple’s plans for blockchain tech, App Store rules
A bipartisan group of lawmakers in the United States has reached out to Apple CEO Tim Cook seeking details on how App Store guidelines impact “Apple’s iOS App Store and how these policies are impacting American leadership in emerging technologies.....»»
Mobb automates vulnerability remediations with AI-powered technology
Mobb announced its AI-powered technology that automates vulnerability remediations to significantly reduce security backlogs and free developers to focus on innovation. Mobb ingests SAST results from various scanning tools and automatically fixes cod.....»»
Climate scientists use data from Hurricane Maria to test social vulnerability assessment tool
Nearly six years have passed since Hurricane Maria made landfall in Puerto Rico. The historic storm, one of the deadliest in U.S. history, significantly damaged more than 80% of the island's electrical power system, leading to massive disruptions of.....»»
Illegal shooting responsible for most birds found dead near power lines, study finds
Birds can be electrocuted if they come into contact with two energized parts of a power line at once—which can happen when they spread their wings to take off from or land on a power pole. Because of this, energy companies invest substantial time a.....»»
Stremio vulnerability exposes millions to attack
CyFox researchers have discovered a DLL planting/hijacking vulnerability in popular media center application Stremio, which could be exploited by attackers to execute code on the victim’s system, steal information, and more. About the vulnerabi.....»»
Relying on CVSS alone is risky for vulnerability management
A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabil.....»»
New persistent backdoor used in attacks on Barracuda ESG appliances
The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. Barracu.....»»
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted: Last week, we reported on a remote unauthenticated API access vulnerability (.....»»
Congress grills Tim Cook over App Store rules affecting NFTs and crypto
Lawmakers in the U.S. Congress have asked Apple for clarity over the App Store guidelines, specifically how the rules impact blockchains and NFTs being used or traded in apps. Cryptocurrencies: Apple has a long list of rules and guidelines that affect h.....»»
How a Microbial Evolutionary Accident Changed Earth's Atmosphere
An extra membrane that once had digestive functions let marine microbes boost their yield from photosynthesis. Today, they're responsible for locking carbon in the ocean and putting oxygen in the air......»»
Instead of obtaining a warrant, the NSA would like to keep buying your data
The agency opposes an amendment that prevents it from using data brokers. National Security Agency headquarters. (credit: Trevor Paglen, Wikimedia Commons) An effort by United States lawmakers to prevent government agenc.....»»
Make:cast – Experiential Learning at NJIT
Daniel Brateris is Director of Experiential Learning at New Jersey Institute of Technology in Newark, New Jersey. We talk about the practice of hands-on learning and its value to students in engineering. He was responsible for building out the manuf.....»»
US senator blasts Microsoft for “negligent cybersecurity practices”
Rebuke follows recent breach that exposed email accounts of US federal officials. A US senator is calling on the Justice Department to hold Microsoft responsible for “negligent cybersecur.....»»
Investors want better climate risk disclosure, says study
Institutional investors want companies to report more about their climate risk, according to a new study from a researcher at The University of Texas at Austin......»»
SEC adopts new cybersecurity incident disclosure rules for companies
The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management,.....»»