Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits
With the ability to manage huge fleets of servers, BMCs are ideal places to stash malware. If your organization uses servers that are equipped with baseboard management controllers from Sup.....»»
One-third of dev professionals unfamiliar with secure coding practices
Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and sk.....»»
NDAY Security ATTACKN identifies critical exploitable security vulnerabilities
NDAY Security unveiled the latest release to its automated offensive security platform, ATTACKN. This all-in-one platform enables organizations to deploy, monitor, and manage critical offensive security measures, including: Point-in-time Penetration.....»»
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither.....»»
Grype: Open-source vulnerability scanner for container images, filesystems
Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazo.....»»
Astronomers detect dozens of new pulsating white dwarfs
Using NASA's Transiting Exoplanet Survey Satellite (TESS), astronomers have detected 32 new bright pulsating DA white dwarfs of the ZZ Ceti subclass. The finding was reported in a research paper published July 9 on the pre-print server arXiv......»»
Musk's xAI, Oracle end talks on $10 billion server deal, the Information reports
Team pioneers a "one-pot platform" to promptly produce mRNA delivery particles
Imagine a scenario where a skilled hacker must upload critical software to update a central server and thwart a potentially lethal virus from wreaking havoc across a vast computer network. The programmer, armed with the lifesaving code, must navigate.....»»
Evidence of water vapor detected in the atmosphere of Smertrios
Using the CARMENES spectrograph, astronomers have found evidence of water vapor in the atmosphere of a hot Saturn exoplanet designated HD 149026 b, dubbed Smertrios. The finding, reported in a research paper published on the preprint server arXiv, co.....»»
YouTube's server-side ad insertion complicates ad blocking efforts
Nova eruption of V1716 Sco inspected in X-rays and gamma rays
Astronomers from China and Taiwan have observed the nova eruption of V1716 Sco that took place last year, using various X-ray and gamma-ray space observatories. Results of the observational campaign, presented June 27 on the preprint server arXiv, pr.....»»
Vulnerabilities found in Swift repository left millions of iPhone apps exposed
The open-source Swift and Objective-C repository, CocoaPods, had multiple vulnerabilities that left millions of iOS and macOS apps exposed to potential attacks for a decade, but it is now patched. CocoaPods leave millions of iOS and macOS apps vulnera.....»»
3 million iOS and macOS apps were exposed to potent supply-chain attacks
Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years. Vulnerabilities that went undetected for a decade left thousands of macOS and iOS apps susceptible to.....»»
NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD),.....»»
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai researchers have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM.....»»
RansomLord: Open-source anti-ransomware exploit tool
RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. “I created RansomLord to demonstrate ransomware is not invincible, has vulnerabilities and its developers make mista.....»»
The evolution of security metrics for NIST CSF 2.0
CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or single indicators — vulnerabilities detected, percentage of vulnerabilities.....»»
Cybersecurity teams gear up for tougher challenges in 2024
In this Help Net Security video, Tom Gorup, VP of Security Services at Edgio, discusses the continually changing threat landscape. It is riddled with vulnerabilities that are frequently exploited and only intensify as geopolitics and state-sponsored.....»»
Starlinks can produce surprisingly bright flares for pilots
How can sunlight reflecting off SpaceX's Starlink satellites interfere with ground-based operations? This is what a study recently posted to the arXiv preprint server hopes to address as a pair of researchers investigate how Starlink satellites appea.....»»
The Artificial Intelligence Era Faces a Threat from Directed Energy Weapons
Autonomous and AI-enabled systems increasingly rely on optical and radio frequency sensors and significant computer power. They face growing vulnerabilities from directed-energy laser and microwave weapons.....»»
Observations explore open cluster NGC 1513
Using the National Astronomical Observatory (OAN) in Mexico, astronomers have observed an open cluster known as NGC 1513. Results of the observations, presented in a paper published May 16 on the pre-print server arXiv, yield crucial information rega.....»»