News
-
"Google Releases Vulnerability Scanner for Open-Source Software, Backed by Community-Editable Database"Google has announced the release of Open Source Vulnerability (OSV)-Scanner, a free vulnerability scanner for developers to have access to vulnerability information about open-source projects, which is said to be the largest community-editable database…
-
"Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update"Microsoft has patched 48 new vulnerabilities in its products, including one that attackers are actively exploiting and another that was publicly disclosed but is not currently being exploited. Six of the vulnerabilities addressed in the company's final…
-
"Nosey Parker: Find Sensitive Information in Textual Data and Git History"Praetorian has open-sourced the Nosey Parker secret scanning tool's regular expression-based (RegEx) scanning capabilities. One of the more common attack vectors for an organization is inadvertent secret disclosure. Nosey Parker addresses the pervasive…
-
"Amazon ECR Public Gallery Flaw Could Have Wiped or Poisoned Any Image"A critical security flaw in the Amazon Elastic Container Registry (ECR) Public Gallery could have enabled attackers to delete any container image or inject malicious code into images from other Amazon Web Services (AWS) accounts. The Amazon ECR Public…
-
"Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems"Microsoft has revealed that it took action to suspend accounts used to publish malicious drivers certified by its Windows Hardware Developer Program, which were used to sign malware. The activity was limited to a number of developer program accounts, and…
-
"Major Android Security Leak: Manufacturer Signing Keys Used To Validate Malware Apps"A security issue involving manufacturing keys from major device manufacturers such as LG and Samsung has opened the door for malware apps to infiltrate user devices as legitimate updates. These malware apps can grant an attacker complete system-level…
-
"Inside the Mind of a Cybercriminal: Do Digital Law Breakers Have a Personality Type?"Malicious hackers have long been stereotyped as antisocial, loners, and computer addicts by the general public. However, a scientific examination has revealed a more nuanced and complex picture of cybercriminals, with many threat actors showing skills…
-
"ASU Researchers Collaborate Internationally to Secure Power Grid"Yang Weng, an assistant professor of electrical engineering at Arizona State University's Ira A. Fulton Schools of Engineering, is leading a cybersecurity collaboration that bridges American and Israeli organizations to improve both countries'…
-
"Will Protect Personal Data Behind New Algorithms"Ume University's Xuan-Son Vu, a postdoctoral fellow in computing science, is involved in a new research collaboration that will help researchers comply with the EU's General Data Protection Regulation (GDPR). According to Xuan-Son Vu, new methods will be…
-
"Most Apps Used in US Classrooms Share Students' Personal Data With Advertisers, Researchers Find"According to a new study conducted by the nonprofit Internet Safety Labs, 96 percent of apps used in K-12 schools in the US share children's personal information with third parties, including advertisers, often without the knowledge or consent of users…
-
"California Hit By Cyberattack, LockBit Claims Responsibility"California's Cybersecurity Integration Center (Cal-CSIC) recently confirmed that California's finance department had recently been hit by a cyberattack. Upon identification of the threat, digital security and online threat-hunting experts were…
-
"What Dangerous Security Vulnerabilities Can Access Control Systems Have?"Many access control systems that use facial recognition technology are insecure. They can be breached, deceived, and shown a person's photo on the phone screen rather than their actual face. A typical access control system consists of a device in a metal…