Most GitHub Actions workflows are insecure in some way
Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose major risks The report found the GitHub Actions marketplace’s security postu.....»»
How America's elites may hold the key to lowering murder rates
New crime laws, police funding and similar efforts may have some effect on homicide rates in the United States—but the biggest impact will come from the actions of our political and economic elites......»»
Microsoft Excel keyboard shortcuts everyone should know
Looking for a faster way to work with your spreadsheets? Check out these Excel keyboard shortcuts you should know for quick actions and easy navigation......»»
Insecure file-sharing practices in healthcare put patient privacy at risk
Healthcare organizations continue to put their business and patients at risk of exposing their most sensitive data, according to Metomic. 25% of publicly shared files owned by healthcare organizations contain Personally Identifiable Information (PII).....»»
New infosec products of the week: July 26, 2024
Here’s a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity. GitGuardian’s tool helps companies discover developer leaks on GitHub GitGuardian.....»»
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. A.....»»
Researchers expose GitHub Actions workflows as risky and exploitable
GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk de.....»»
Network of ghost GitHub accounts successfully distributes malware
Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group the researchers dubbed as Stargazer Goblin, the .....»»
Spain launches antitrust investigation over Apple's App Store practices
Spain has become the latest country to accuse Apple of possible anticompetitive actions concerning alleged unfair treatment of developers on the App Store. The investigation is to be conducted by Spain's Comision.....»»
GitGuardian’s tool helps companies discover developer leaks on GitHub
GitGuardian releases a tool to help companies discover how many secrets their developers have leaked on public GitHub, both company-related and personal. Even if your organization doesn’t engage in open source, your developers or subcontractors.....»»
T-Mobile’s controversial price increases have gotten it in trouble
T-Mobile recently raised prices for some of its customers who are on older plans. Now it’s being sued over its actions......»»
UK opens probe into risks of using Apple Wallet and rivals
A pair of UK regulatory bodies have launched a joint and all-encompassing investigation into digital wallets, including Apple Wallet, concerning fees, anti-competitive actions, and harm if they stop working. Apple Wallet and Apple Pay are to be invest.....»»
Victim-blaming, manipulation, and denial: How terrorists use language to justify violence
Victim-blaming, denial and reversal are among the tactics used by terrorists to justify their violent actions and influence audience perceptions of harm and agency, according to a new Charles Darwin University (CDU) study examining the language of so.....»»
Study identifies high-performance alternative to conventional ferroelectrics
Lighting a gas grill, getting an ultrasound, using an ultrasonic toothbrush—these actions involve the use of materials that can translate an electric voltage into a change in shape and vice versa......»»
GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of poten.....»»
Artificial nanomagnets inspire mechanical system with memory capability
An international research team including Los Alamos National Laboratory and Tel Aviv University has developed a unique, mechanical metamaterial that, like a computer following instructions, can remember the order of actions performed on it. Named Cha.....»»
CyberArk CORA AI accelerates identity threat detection
CyberArk announced CyberArk CORA AI, a new set of AI-powered capabilities that will be embedded across its identity security platform. CORA AI will translate vast numbers of identity data points into insights and enables multi-step actions in natural.....»»
Apple fires back at DOJ antitrust case, calls for immediate dismissal
Apple has begun the process of filing a motion to have the Department of Justice's lawsuit over App Store and other antitrust actions dismissed. Apple's motion to dismiss the Department of Justice's (DOJ) allegations of antitrust behavi.....»»
Is an open-source AI vulnerability next?
AI has captured widespread interest and offers numerous benefits. However, its rapid advancement and widespread adoption raise concerns, especially for those of us in cybersecurity. With so much interest, there are lots of insecure applications findi.....»»
iOS 18 will let you set custom voice phrases to trigger actions, no ‘Siri’ necessary
Today amid a wealth of accessibility announcements, including hands-free CarPlay and the futuristic Live Captions on Vision Pro, Apple announced that iOS 18 would be introducing a powerful new voice feature. Vocal Shortcuts will enable system-wide ac.....»»