Oct 06, 2023NewsroomProgramming / Software Security GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by secret scanning are active, thereby […]
Oct 05, 2023NewsroomNetwork Security / Software Patch Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static user credentials for the root account that […]
Last updated 3 October, 2023 Tidal has restricted Stems within all DJ software as of 1 October. That means when you’re using Tidal to play music in your DJ software, the stems functions will no longer work, whether your software is Serato, Rekordbox, djay Pro AI, Engine DJ, or any of the nine platforms it […]
Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers. Gaining visibility Chalk enables complete visibility across the development process, from the first time a developer creates the […]
Progress Software released fixes for eight vulnerabilities in WS_FTP, including one with a maximum severity score, but evidence of exploitation was discovered shortly after.
Progress Software has borne minimal impact from the mass exploit of a zero-day vulnerability in its file-transfer service MOVEit despite supply chain compromises that have affected more than 2,100 organizations. Researchers say the data of at least 62 million people has been exposed by the attacks. Progress reported $951,000 in cyber incident and vulnerability response […]
Sep 29, 2023THNServer Security / Vulnerability Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are […]
Sep 29, 2023THNVulnerability / Network Security Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts […]
The Cybersecurity and Infrastructure Security Agency is urging the software industry to embrace the use of memory safe programming languages as part of a wider effort to eliminate security vulnerabilities in code. CISA called for the changes alongside a push to embrace secure-by-design practices during the software development stage and to increase the security of […]