Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits
With the ability to manage huge fleets of servers, BMCs are ideal places to stash malware. Enlarge (credit: Getty Images) If your organization uses servers that are equipped with baseboard management controllers from Sup.....»»
NIST report on hardware security risks reveals 98 failure scenarios
NIST’s latest report, “Hardware Security Failure Scenarios: Potential Hardware Weaknesses” (NIST IR 8517), explores the hidden vulnerabilities in computer hardware, a domain often considered more secure than software. The report hig.....»»
Critical vulnerabilities persist in high-risk sectors
Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. Finance and insurance industry faces highest vulnerabilities The report, which analyzes data from over 200,000 dynamic application se.....»»
NIST is chipping away at NVD backlog
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job.....»»
Zero-days dominate top frequently exploited vulnerabilities
A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on the rise The advisory highlights that malicious cyb.....»»
Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities.....»»
Astronomers investigate long-term variability of blazar AO 0235+164
Astronomers have performed a comprehensive multiwavelength study of an extremely variable blazar known as AO 0235+164. Results of the new study, published Nov. 3 on the preprint server arXiv, shed more light on the long-term variability and behavior.....»»
Setting a security standard: From vulnerability to exposure management
Vulnerability management has been the standard approach to fending off cyber threats for years. Still, it falls short by focusing on a limited number of vulnerabilities, often resolving only 1% to 20% of issues. In 2024, with the average data breach.....»»
November 2024 Patch Tuesday forecast: New servers arrive early
Microsoft followed their October precedent set with Windows 11 24H2 and announced Microsoft Server 2025 on the first of November. We were expecting the official announcement at Microsoft Ignite near the end of the month, but with the early release, e.....»»
Symbiotic provides developers with real-time feedback on potential security vulnerabilities
Symbiotic Security launched a real-time security for software development that combines detection and remediation with just-in-time training – incorporating security testing and training directly into the development process without breaking develo.....»»
Google patches actively exploited Android vulnerability (CVE-2024-43093)
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play fr.....»»
Claro Enterprise Solutions helps organizations identify vulnerabilities within Microsoft 365
Claro Enterprise Solutions launched Collaboration Security Management solution. This comprehensive service addresses critical security challenges related to file sharing, data loss events, or unknown shadow users, faced by organizations using Microso.....»»
What monkeys might teach us about evaluating presidential candidates
Does a candidate's appearance affect how we vote? There's growing evidence that suggests the answer may be yes. In a recent study published on the preprint server bioRxiv, neuroscientists at the University of Pennsylvania and the Champalimaud Center.....»»
A smaller Mac mini brings big problems for server farms and accessory makers
The greatly reduced size of the new M4 Mac mini is fantastic, but will be trouble for colocation services, rack mounters, and folks with hubs that will no longer fit neatly under the computer.The smaller size of the M4 Mac mini (right) means certain.....»»
Windows kernel components can be installed to bypass defense systems
Experts reveal a way to "downgrade" a fully updated Windows 11 device, and thus reintroduce vulnerabilities......»»
Fraudsters revive old tactics mixed with modern technology
Threat actors continue to probe the payments ecosystem for vulnerabilities and were successful in conducting fraud schemes affecting multiple financial institutions, technologies, and processes, according to Visa. The resurgence of physical theft Sca.....»»
How isolation technologies are shaping the future of Kubernetes security
In this Help Net Security interview, Emily Long, CEO at Edera, discusses the most common vulnerabilities in Kubernetes clusters and effective mitigation strategies. Long shares insights on emerging isolation technologies that could enhance Kubernetes.....»»
Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability In the last couple of days, Fortinet has released critical se.....»»
Exploited: Cisco, SharePoint, Chrome vulnerabilities
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few.....»»
Super Micro Computer, Inc. (NASDAQ:SMCI)’s New 3U Server Boosts AI Inference Capabilities
Super Micro Computer, Inc. (NASDAQ:SMCI)’s New 3U Server Boosts AI Inference Capabilities.....»»
VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The v.....»»