Nearly two million Brits may have had their identity stolen and used by fraudsters to open a financial account in 2023, according to FICO’s new Fraud, Identity and Digital Banking Report. The analytics firm found that 4.3% of respondents had their identity abused in this way, which would equate to 1.9 million people if extrapolated […]
Critical shim bug impacts every Linux boot loader signed in the past decade. Pierluigi Paganini, February 07, 2024. The maintainers of Shim addressed six vulnerabilities, including a critical flaw that could potentially lead to remote code execution. The maintainers of ‘shim’ addressed six vulnerabilities with the release of version 15.8. The most severe of these […]
Government Watchdog Urges ONCD to Develop Outcome-Oriented Performance Measures. Chris Riotta (@chrisriotta), February 5, 2024. Setting metrics for cybersecurity isn’t easy, White House officials said. A government watchdog urged the White House to establish metrics that would help determine the effectiveness of federal […]
Canon has patched seven critical buffer-overflow bugs affecting its small office multifunction printers and laser printers. Tracked as CVE-2023-6229 through CVE-2023-6234 (plus CVE-2024-0244), they affect different processes common across Canon’s product lines – the username or password process involved with authenticating mobile devices, for example, the Service Location Protocol (SLP) attribute request process, and more. […]
The threat actors behind the KV-botnet made “behavioral changes” to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert […]
Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability to (at the moment of compromise) switch rapidly and seamlessly between certificate authorities, encryption standards and keys and certificates with minimal disruption to one’s digital infrastructure—becomes essential to business. Crypto agility is […]
Google has released its fuzzing framework as an open source resource to help developers and researchers improve how they find software vulnerabilities. The framework, which automates manual aspects of fuzz testing, uses large language models (LLMs) to write project-specific code to boost code coverage. The open source fuzzing tool includes support for Vertex AI code-bison, […]
Orca has discovered three new vulnerabilities within various Azure HDInsight third-party services, including Apache Hadoop, Spark, and Kafka. These services are integral components of Azure HDInsight, a widely used managed service offered within the Azure ecosystem. Two of the vulnerabilities could have led to Privilege Escalation (PE) and one could have been used to cause […]
Feb 07, 2024, Newsroom. The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of […]