vulnerabilities

  • Blog

    Russia is targeting unpatched vulnerabilities – what can tech leaders do to shore up defenses?

    Amid the war in Ukraine and escalating global geopolitical tensions, the threat from Russian cyber adversaries has never been greater. So much so that the UK’s National Cyber Security Centre (NCSC) has issued a warning to firms to buckle up for online attacks by Russia’s Foreign Intelligence Service (SVR). According to a joint advisory of US security agencies, the nation…

  • Blog

    These three critical sectors are riddled with high-risk vulnerabilities

    The finance, healthcare, and IT sectors are among the most vulnerable to cyber attacks, new research reveals, with thousands of critical security flaws identified across all three industries. Research from software firm Black Duck analyzed data from over 200,000 dynamic application security testing (DAST) scans on around 1,300 apps across 19 industries between June 2023 and June 2024. Black Duck’s…

  • Blog

    Four Critical Vulnerabilities Paved Over

    On Patch Tuesday, Windows systems will be updated with a flood of security fixes. In November, Windows patched four zero-day vulnerabilities, two of which have been exploited. Patch Tuesdays are a good time for admin teams to remind employees of the importance of keeping operating systems and applications up to date. In the meantime, software makers like Microsoft and Adobe…

  • Blog

    Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

    New research by cybersecurity firm Mandiant provides eyebrow-raising statistics on the exploitation of vulnerabilities by attackers, based on the analysis of 138 different exploited vulnerabilities that were disclosed in 2023. The findings, published on Google Cloud’s blog, reveal that vendors are increasingly being targeted by attackers, who are continually reducing the average time to exploit both zero-day and N-day vulnerabilities.…

  • Blog

    CISA issues alert over two high-severity DrayTek vulnerabilities – here’s what you need to know

    CISA has added three security flaws to its known exploited vulnerabilities (KEV) catalog, including two affecting DrayTek’s network equipment management software, VigorConnect. The third vulnerability added to the catalog affects Kingsoft’s popular WPS Office productivity suite. All three vulnerabilities were described as path traversal flaws that allow attackers to read sensitive files they should not be able to access. The…

  • Blog

    26,500 Cyber Vulnerabilities Risk SE Asia’s Banks

    More than 26,500 vulnerabilities exist in the external attack surfaces of Southeast Asia’s 90 top banking and financial services organisations, according to new research by cybersecurity firm Tenable. About 11,000 of these exploitable internet-facing assets belong to Singapore’s top-tier institutions, including lenders and insurers. The assessment found weak SSL/TLS encryption, misconfigured internal assets, inconsistent URL encryption, and older APIs across…

  • Blog

    Microsoft Copilot could have serious vulnerabilities after researchers reveal data leak issues in RAG systems

    Researchers have discovered a huge potential problem in retrieval augmented generation (RAG) systems, the backend technology of tools such as Microsoft Copilot in use today. Based at the University of Texas, a group of five researchers claimed to have discovered a class of security vulnerabilities they dubbed ‘ConfusedPilot.’ They say these vulnerabilities can “confuse” Copilot for Microsoft 365 into committing…

  • Blog

    Microsoft patches six actively exploited vulnerabilities

    The proximity to Black Hat and DEF CON may have played a part in that, however, as some of the publicly disclosed vulnerabilities came from talks given by security researchers last week at the two conferences. Those vulnerabilities might have been reported responsibly to Microsoft in advance, but weren’t considered severe enough to warrant out-of-band fixes — something that Microsoft…

  • Blog

    GitHub wants to stamp out software vulnerabilities once and for all: Copilot Autofix helps developers fix flaws three-times faster than manually

    GitHub is set on eliminating insecure code with its new offering, Copilot Autofix, a tool designed to automate dealing with software vulnerabilities. Using AI, Autofix analyzes vulnerabilities in code, describes the importance of said vulnerabilities, and then presents users with suggestions to help developers fix each issue as it arises. GitHub found that developers were able to fix software vulnerabilities…
