Applying AI to API Security

October 11, 2023 at 08:24AM
AI can add value to API security in several ways. Firstly, it can be used for API discovery, studying request and response data to uncover unknown API endpoints. Secondly, AI can enforce schemas and improve access control by observing and mitigating deviations from learned schemas. Thirdly, AI can identify and …

CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability 

October 11, 2023 at 06:42AM
The US Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities catalog. These include an Adobe Acrobat and Reader flaw that can be exploited for remote code execution, an out-of-bounds write flaw in Cisco IOS and IOS XE, two zero-days impacting Skype for …

ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws

October 11, 2023 at 06:42AM
Siemens and Schneider Electric have released their Patch Tuesday advisories for October 2023, addressing over 40 vulnerabilities in their products. Siemens has published a dozen advisories, including vulnerabilities in the Ruggedcom APE1808 platform and Nozomi Networks’ Guardian product. Nozomi has already patched these vulnerabilities. Schneider Electric has released advisories for …

curl vulnerabilities ironed out with patches after week-long tease

October 11, 2023 at 06:09AM
The latest version of the curl command line transfer tool was released today, addressing two separate vulnerabilities. The first vulnerability is a heap-based buffer overflow flaw that affects both libcurl and the curl tool. The second vulnerability is a less-severe cookie injection flaw that only affects libcurl. Users are advised …

What to expect when the UK-US Data Bridge comes into force this week

October 11, 2023 at 05:19AM
The UK Extension to the EU-US Data Privacy Framework, also known as the Data Bridge, will allow for the transfer of personal data from the UK to the US starting on October 12. This is necessary due to the UK no longer being a member of the EU. However, the …

Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits

October 11, 2023 at 03:12AM
Microsoft has released its October 2023 Patch Tuesday updates, addressing 103 flaws, two of which are actively being exploited. Among the vulnerabilities are information disclosure in Microsoft WordPad and privilege escalation in Skype for Business. Microsoft also fixed flaws in Microsoft Message Queuing and Layer 2 Tunneling Protocol. Additionally, Microsoft …

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

October 11, 2023 at 12:30AM
Microsoft has identified a critical flaw in Atlassian Confluence Data Center and Server that is being exploited by a nation-state actor called Storm-0062. The vulnerability, known as CVE-2023-22515, allows attackers to create unauthorized administrator accounts. Atlassian has been made aware of the issue and advises users to upgrade to the …

A Frontline Report of Chinese Threat Actor Tactics and Techniques

October 11, 2023 at 12:09AM
Microsoft analysts and researchers analyze trillions of signals daily to uncover emerging threats and provide timely security insights. They focus on nation-state groups to understand their activities within geopolitical trends. With the shift to remote work due to COVID-19, cybercriminals are exploiting system vulnerabilities and misconfigurations to access sensitive resources …

It’s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems

October 10, 2023 at 07:58PM
Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information …

Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks

October 10, 2023 at 07:54PM
Researchers at Microsoft have identified a known nation-state threat actor, referred to as Storm-0062, as responsible for the recent zero-day exploits targeting Atlassian’s Confluence Data Center and Server products. The malicious activity had been ongoing since September 14, before Atlassian publicly disclosed the issue. Microsoft has provided IP addresses related …