Serious vulnerabilities in Matrix’s end-to-end encryption are being patched
Previously overlooked flaws allow malicious homeservers to decrypt and spoof messages. Enlarge (credit: matrix.org) Developers of the open source Matrix messenger protocol are releasing an update on Thursday to fix critical en.....»»
OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware
Forescout has published a new report examining the current state of the software supply chain in OT/IoT routers. The study uncovered that OT and IoT cellular routers and those used in small offices and homes contain outdated software components assoc.....»»
Contrast Security ADR enables teams to identify vulnerabilities, detect threats, and stop attacks
Contrast Security introduced Application Detection and Response (ADR), which empowers security teams to identify vulnerabilities, detect threats, and stop attacks that target custom applications and APIs. Today’s layered “detection and respon.....»»
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate.....»»
Vertically stacked skin-like active-matrix display with ultrahigh aperture ratio
Skin-like displays are critical components of information output in next-generation portable and wearable electronics. Currently, all such displays are fabricated on glass or thick plastic substrates, limiting the inherent mechanical flexibility of o.....»»
Rapid7 releases Command Platform, unified attack defense and response
Rapid7 launched its Command Platform, a unified threat exposure, detection, and response platform. It allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to clo.....»»
Apple introduces revolutionary privacy technique for protecting sensitive data
Apple is finally introducing homomorphic encryption into its products. This cryptographic technique is new for the tech giant but will be a massive revolution for … The post Apple introduces revolutionary privacy technique for protecting sensit.....»»
Securing remote access to mission-critical OT assets
In this Help Net Security interview, Grant Geyer, Chief Strategy Officer at Claroty, discusses the prevalent vulnerabilities in Windows-based engineering workstations (EWS) and human-machine interfaces (HMI) within OT environments. Geyer also address.....»»
Coding practices: The role of secure programming languages
Safety and quality are not features that can be added through testing — they must be integral to the design. Opting for a safer or more secure language or language subset during implementation can eliminate entire categories of vulnerabilities. The.....»»
eBook: 20 tips for secure cloud migration
More organizations rely on cloud platforms to reap the benefits of scalability, flexibility, availability, and reduced costs. However, cloud environments come with security challenges and vulnerabilities. The Thales 2020 Data Threat Report indicates.....»»
Coalfire announces Cyber Security On-Demand portfolio
Coalfire announced its Cyber Security On-Demand portfolio to provide a flexible set of services that reduce cyber risks and remediate security vulnerabilities in customer environments. As attack surfaces grow, defenders need flexibility and a hacker.....»»
One-third of dev professionals unfamiliar with secure coding practices
Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and sk.....»»
NDAY Security ATTACKN identifies critical exploitable security vulnerabilities
NDAY Security unveiled the latest release to its automated offensive security platform, ATTACKN. This all-in-one platform enables organizations to deploy, monitor, and manage critical offensive security measures, including: Point-in-time Penetration.....»»
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither.....»»
Grype: Open-source vulnerability scanner for container images, filesystems
Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazo.....»»
Overlooked essentials: API security best practices
In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta r.....»»
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Tre.....»»
Phone encryption debate will reignite over attempted Trump assassination
Former President Donald Trump would-be assassin's locked phone is in FBI custody. Stand by for the next attack on encryption, privacy, and security.Privacy and security rely on encryption, a bane to investigatorsThe manufacturer of the shooter's phon.....»»
Encrypted traffic: A double-edged sword for network defenders
Organizations are ramping up their use of encrypted traffic to lock down data. Could they be making it easier to hide threats in the process? On one hand, encryption means enhanced privacy, but it can also make the job of security analysts much harde.....»»
Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)
CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed. “Check Poi.....»»
Engineers develop advanced optical computing method for multiplexed data processing and encryption
Engineers at the University of California, Los Angeles (UCLA) have unveiled a major advancement in optical computing technology that promises to enhance data processing and encryption. The work is published in the journal Laser & Photonics Reviews......»»