vulnerabilities
Blog
CISA issues alert over two high-severity DrayTek vulnerabilities – here’s what you need to know
CISA has added three security flaws to its known exploited vulnerabilities (KEV) catalog, including two affecting DrayTek’s network equipment management software, VigorConnect. The third vulnerability added to the catalog affects Kingsoft’s popular WPS Office productivity suite. All three vulnerabilities were described as path traversal flaws that allow attackers to read sensitive files they should not be able to access. The…
Blog
26,500 Cyber Vulnerabilities Risk SE Asia’s Banks
More than 26,500 vulnerabilities exist in the external attack surfaces of Southeast Asia’s 90 top banking and financial services organisations, according to new research by cybersecurity firm Tenable. About 11,000 of these exploitable internet-facing assets belong to Singapore’s top-tier institutions, including lenders and insurers. The assessment found weak SSL/TLS encryption, misconfigured internal assets, inconsistent URL encryption, and older APIs across…
Blog
Microsoft Copilot could have serious vulnerabilities after researchers reveal data leak issues in RAG systems
Researchers have discovered a huge potential problem in retrieval augmented generation (RAG) systems, the backend technology of tools such as Microsoft Copilot in use today. Based at the University of Texas, a group of five researchers claimed to have discovered a class of security vulnerabilities they dubbed ‘ConfusedPilot.’ They say these vulnerabilities can “confuse” Copilot for Microsoft 365 into committing…
Blog
Microsoft patches six actively exploited vulnerabilities
The proximity to Black Hat and DEF CON may have played a part in that, however, as some of the publicly disclosed vulnerabilities came from talks given by security researchers last week at the two conferences. Those vulnerabilities might have been reported responsibly to Microsoft in advance, but weren’t considered severe enough to warrant out-of-band fixes — something that Microsoft…
Blog
GitHub wants to stamp out software vulnerabilities once and for all: Copilot Autofix helps developers fix flaws three times faster than manually
GitHub is set on eliminating insecure code with its new offering, Copilot Autofix, a tool designed to automate dealing with software vulnerabilities. Using AI, Autofix analyzes vulnerabilities in code, describes the importance of said vulnerabilities, and then presents users with suggestions to help developers fix each issue as it arises. GitHub found that developers were able to fix software vulnerabilities…