Collaborate Disseminate
Despite its importance, patching can be challenging for organizations due to factors such as the sheer volume of patches released by software vendors, compatibility issues with existing systems, and the need to balance security with operational continu… Continue reading Enhancing security through proactive patch management
The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month. Sharp CVE increase heightens… Continue reading CVE count set to rise by 25% in 2024
Despite stringent regulations and calls for ‘security by design’, organizations are still failing to equip teams with the knowledge to secure code, according to Security Journey. In fact, only 20% of respondents were confident in their ability to detec… Continue reading Unlocking sustainable security practices with secure coding education
Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnera… Continue reading The effect of omission bias on vulnerability management
In a rare squid/security post, here’s an article about unpatched vulnerabilities in the Squid caching proxy.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting gu… Continue reading Friday Squid Blogging: Unpatched Vulnerabilities in the Squid Caching Proxy
The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed 75 CVEs in Windows 11, 80 in Windows 10, and 61 in Server 2012 R2. While Ser… Continue reading November 2023 Patch Tuesday forecast: Year 21 begins
The Kubernetes industry is undergoing rapid change and evolution due to the growth of edge computing, the acceleration of AI, and the pressing need to modernize Kubernetes management in response to increasing technology scale and complexity, according … Continue reading Organizations lack the skills and headcount to manage Kubernetes
Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates … Continue reading Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)
Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead devel… Continue reading Be prepared to patch high-severity vulnerability in curl and libcurl
The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic… Continue reading Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)