Cybersecurity

Official Slams Aussie Firms for Data Breach Reporting Delays

Breach Notification, Security Operations, Standards, Regulations & Compliance

Information Commissioner Urges Organizations to Accelerate Breach Notifications

Jayant Chakravarti (@JayJay_Tech) • September 5, 2023

Image: James Mattis (Flickr/CC)

Australia’s information commissioner urged organizations to quicken the process of notifying those affected by data breaches instead of spending months analyzing each incident. It […]

Cybersecurity

Battery Ventures Buys GrammaTech’s Application Security Unit

Application Security, Next-Generation Technologies & Secure Development

Research Services Business Will Keep GrammaTech Name, Five Points Capital Ownership

Michael Novinson (MichaelNovinson) • September 5, 2023

Mike Dager, CEO, CodeSecure (Image: CodeSecure)

GrammaTech has separated its security software products and cyber research services divisions, and venture capital firm Battery Ventures has acquired the […]

Cybersecurity

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks

Sep 07, 2023THNServer Security / Vulnerability Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is […]

Cybersecurity

Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw

Sep 06, 2023THNZero Day / Mobile Security Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework. “There […]

Cybersecurity

Researchers Discover Critical Vulnerability in PHPFusion CMS

Security researchers have discovered what they described as a critical vulnerability in the relatively widely used PHPFusion open source content management system (CMS). The authenticated local file inclusion flaw, identified as CVE-2023-2453, allows for remote code execution if an attacker can upload a maliciously crafted “.php” file to a known path on a target system. […]

Cybersecurity

Mend.io SAML Vulnerability Exposed

WithSecure has unveiled a new security vulnerability in Mend.io’s application security platform today, raising concerns about data privacy and potential exploitation. Mend.io, a provider of application security solutions with over 1000 customers, has swiftly addressed the issue. The vulnerability centers on Mend.io’s implementation of the Security Assertion Markup Language (SAML) login option, a standard method […]

Cybersecurity

9 Alarming Vulnerabilities Uncovered in SEL’s Power Management Products

Sep 06, 2023THNVulnerability / ICS Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi Networks said in a report published last week. The issues, […]

Cybersecurity

Evil MinIO Exploits: A New Attack Vector to Breach Corporate Networks | Cyware Hacker News

Researchers from Security Joes have identified an unknown threat actor exploiting vulnerabilities in the MinIO Object Storage system to remotely execute arbitrary code on vulnerable servers. The researchers discovered the exploit code, Evil_MinIO, which abuses the CVE-2023-28434 and CVE-2023-28432 vulnerabilities, in a GitHub repository. MinIO is a high-performance, distributed object storage system used by various organizations. Attack […]