What"s Behind the Explosion of Low-Code and No-Code Applications
Companies are turning to low-code/no-code platforms as they struggle to find skilled developers. But there are other reasons for the growth. Continue reading........»»
New infosec products of the week: September 13, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Druva, Huntress, Ketch, LOKKER, Tenable, Trellix, and Wing Security. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins T.....»»
Adobe Acrobat Reader has a serious security flaw — so patch now
A bug allows threat actors to launch malicious code on Acrobat Reader remotely, and it's already being used in the wild......»»
Researchers solve long-standing mystery of alumina surface structure
Aluminum oxide (Al2O3), also known as alumina, corundum, sapphire, or ruby, is one of the best insulators used in a wide range of applications: in electronic components, as a support material for catalysts, or as a chemically resistant ceramic, to na.....»»
Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory p.....»»
Smartphone-based microscope rapidly reconstructs 3D holograms
Researchers have developed a new smartphone-based digital holographic microscope that enables precision 3D measurements. The highly portable and inexpensive microscope could help bring 3D measurement capabilities to a broader range of applications, i.....»»
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use i.....»»
Tenable AI Aware provides exposure insight into AI applications, libraries and plugins
Tenable released AI Aware, advanced detection capabilities designed to surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management. Tenable AI Aware provides exposure insight into AI applica.....»»
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect (C.....»»
The Yale Code is a unique alternative to traditional smart locks
The Yale Code lacks the connectivity of smart locks, yet it still offers keypad support, Auto-Lock, and the option to toggle settings directly from the lock......»»
33 open-source cybersecurity solutions you didn’t know you needed
Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individual.....»»
Chemical chameleon reveals novel pathway for separating rare-earth metals
Researchers at the Department of Energy's Oak Ridge National Laboratory have found a chemical "chameleon" that could improve the process used to purify rare-earth metals used in clean energy, medical and national security applications......»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»
Scalable, multi-functional device lays groundwork for advanced quantum applications
Researchers have demonstrated a new multi-functional device that could help advance the scalability of solid-state color centers, enabling them to be used in larger and more complex quantum computers and networks. As efficient photon-spin interfaces,.....»»
Red Hat Enterprise Linux AI extends innovation across the hybrid cloud
Red Hat Enterprise Linux (RHEL) AI is Red Hat’s foundation model platform, enabling users to develop, test, and run GenAI models to power enterprise applications. The platform brings together the open source-licensed Granite LLM family and Instruct.....»»
OpenZiti: Secure, open-source networking for your applications
OpenZiti is a free, open-source project that embeds zero-trust networking principles directly into applications. Example of an OpenZiti overlay network OpenZiti features “We created OpenZiti to transform how people think about connectivity. Whi.....»»
Space travel comes with risk—SpaceX"s Polaris Dawn mission will push the envelope further than ever
Space is an unnatural environment for humans. We can't survive unprotected in a pure vacuum for more than two minutes. Getting to space involves being strapped to a barely contained chemical explosion......»»
Theoretical research establishes unified way to quantify vital quantum properties
The foundation of nearly all quantum information applications—such as computation and communication—rely on the quantum properties of superposition and entanglement......»»
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an.....»»
September 2024 Patch Tuesday forecast: Downgrade is the new exploit
I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities were announce.....»»
Skyhigh AI mitigates risks associated with AI applications
Skyhigh Security unveiled Skyhigh AI, an advanced suite of AI-powered capabilities within its Security Service Edge (SSE) platform designed to elevate organizations’ security posture. Skyhigh AI significantly reduces the risks associated with enter.....»»