Collaborate Disseminate
Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks. Continue reading Threats in space (or rather, on Earth): internet-exposed GNSS receivers
I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very good at it yet, but they’re getting better.
Here’s some anecdotal data from this summer:
Since July 2024, ZeroPath is taking a novel approach combining deep program analysis with adversarial AI agents for validation. Our methodology has uncovered numerous critical vulnerabilities in production systems, including several that traditional Static Application Security Testing (SAST) tools were ill-equipped to find. This post provides a technical deep-dive into our research methodology and a living summary of the bugs found in popular open-source tools…
Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents. Continue reading Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses
The “severe” flaw could allow attackers full access to instances.
The post GitHub patches critical vulnerability in its Enterprise Servers appeared first on CyberScoop.
Continue reading GitHub patches critical vulnerability in its Enterprise Servers
National Cyber Director Harry Coker says the Biden administration is focusing on securing foundational technologies.
The post White House is prioritizing secure internet routing, using memory safe languages appeared first on CyberScoop.
Continue reading White House is prioritizing secure internet routing, using memory safe languages
The vulnerabilities are tied to the Microsoft Management Console and Windows MSHTML Platform.
The post Microsoft offers updates on 117 vulnerabilities on Patch Tuesday appeared first on CyberScoop.
Continue reading Microsoft offers updates on 117 vulnerabilities on Patch Tuesday
ForeScout said one of them warranted rating at the maximum severity level, although DrayTek has issued patches.
The post Research reveals vulnerabilities in routers that left 700,000-plus exposed appeared first on CyberScoop.
Continue reading Research reveals vulnerabilities in routers that left 700,000-plus exposed
Over 58,000 internet-exposed CUPS hosts can be abused for significant DDoS attacks, according to Akamai.
The post After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks appeared first on SecurityWeek.
Continue reading After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks
A critical-severity vulnerability in Zimbra has been exploited in the wild to deploy a web shell on vulnerable servers.
The post Critical Zimbra Vulnerability Exploited One Day After PoC Release appeared first on SecurityWeek.
Continue reading Critical Zimbra Vulnerability Exploited One Day After PoC Release
CISA warns that years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers are exploited in the wild.
The post Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities appeared first on SecurityWeek.
Continue reading Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities