Serious vulnerabilities in Matrix’s end-to-end encryption are being patched
Previously overlooked flaws allow malicious homeservers to decrypt and spoof messages. Developers of the open source Matrix messenger protocol are releasing an update on Thursday to fix critical en.....»»
Facebook Messenger E2E encryption rolling out to millions more; to all by year end
Facebook Messenger E2E encryption has been available to some users for some years now, but a full rollout has taken longer than expected. The company says it is now expanding end-to-end encrypted messaging to “millions” more people, and promis.....»»
Does a secure coding training platform really work?
As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For.....»»
Juniper Networks fixes flaws leading to RCE in firewalls and switches
Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls.....»»
Google announces new algorithm that makes FIDO encryption safe from quantum computers
New approach combines ECDSA with post-quantum algorithm called Dilithium. The FIDO2 industry standard adopted five years ago provides the most secure known way to log in to websites because.....»»
(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise
Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored N.....»»
MongoDB Queryable Encryption enables organizations to meet data-privacy requirements
MongoDB Queryable Encryption helps organizations protect sensitive data when it is queried and in-use on MongoDB. It reduces the risk of data exposure for organizations and improves developer productivity by providing built-in encryption capabilities.....»»
Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks
Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, researchers have discovered. “Our attacks are not computationally expensive.....»»
Researchers show cells communicate by pulling on a fiber network
Mechanics play a larger role in blood vessel formation and other developmental biology than previously thought. Cells appear to respond to mechanical signals, such as pressure. Through the extracellular matrix, a network of fibrous proteins, cells ca.....»»
Major vulnerabilities discovered in data center solutions
Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit.....»»
Microsoft finds vulnerabilities it says could be used to shut down power plants
Exploitation is hard and patches are already out, but the potential risk is great. On Friday, Microsoft disclosed 15 high-severity vulnerabilities in a widely used collection of tool.....»»
How to handle API sprawl and the security threat it poses
The proliferation of APIs has marked them as prime targets for malicious attackers. With recent reports indicating that API vulnerabilities are costing businesses billions of dollars annually, it’s no wonder they are at the top of mind of many cybe.....»»
How fame-seeking teenagers hacked some of the world’s biggest targets
With no skill in software exploitation or encryption busting, Lapsus$ wins anyway. A ragtag bunch of amateur hackers, many of them teenagers with little technical training, have been so ade.....»»
Latest Intel and AMD vulnerabilities a gentle reminder to switch to Apple silicon
A pair of vulnerabilities have been discovered impacting Intel and AMD CPUs, and they both affect generations of processors for those who haven't updated their systems yet. The new threats are called "Downfall" and "Inception," and both rely.....»»
Critical Start introduces Managed Cyber Risk Reduction to address risks, vulnerabilities, and threats
Critical Start introduced Managed Cyber Risk Reduction (MCRR), a new approach to security designed to reshape the way businesses combat cyber risks. MCRR, the next evolution of MDR, provides a comprehensive managed solution to address risks, vulnerab.....»»
Vicarius vuln_GPT enables security teams to find and fix software vulnerabilities
Vicarius launched vuln_GPT, an LLM model trained to generate remediation scripts for software vulnerabilities in the race to find and fix vulnerabilities faster than hackers. The vuln_GPT engine will be freely offered within vsociety, Vicarius’ soc.....»»
“Downfall” bug affects years of Intel CPUs, can leak encryption keys and more
Researchers also disclosed a separate bug called "Inception" for newer AMD CPUs. It's.....»»
Minister defends safety law on messaging apps
Tech Secretary insists technology is in development to access illegal content without breaking encryption......»»
AI hacking gets White House backing, as some systems go rogue on their own
A group of white hat hackers are competing to make AI go rogue – with the backing of the White House. The contest, at this year’s Def Con event, is intended to expose vulnerabilities in artificial intelligence systems, so that their developers ca.....»»
Downfall attacks can gather passwords, encryption keys from Intel processors
A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption k.....»»
BigID introduces Data Risk Assessment for hybrid environments
BigID has introduced its Data Risk assessment reporting capability. BigID’s Data Risk Assessment allows organizations to streamline data security posture reporting, providing comprehensive insights about their data risks and vulnerabilities wit.....»»