VMware patches over remote make-me-root holes in vCenter Server, Cloud Foundation

September 17, 2024 at 05:00PM Broadcom has released two patches addressing critical vulnerabilities in VMware vCenter Server and Cloud Foundation. CVE-2024-38812 is a heap overflow flaw with a CVSS score of 9.8, enabling remote code execution. CVE-2024-38813 allows for privilege escalation and has a CVSS score of 7.5. Both vulnerabilities were discovered during a cyber …

The Fall of the National Vulnerability Database

May 16, 2024 at 10:10AM The National Vulnerability Database (NVD), initially created by NIST to centralize cybersecurity vulnerability intelligence, is now struggling due to various factors. Increased accessibility led to a surge in low-quality reports, with inexperienced researchers seeking recognition and monetary incentives. As a result, the NVD has not updated vulnerabilities since February, highlighting …

The Unlikely Romance of Hackers and Government Suitors

December 14, 2023 at 10:08AM The annual Hack the Capitol event brings together scientists, hackers, and policymakers to educate about critical cybersecurity challenges. The convergence of AI, security concerns, and policy efforts is evident. Public support for new policy guardrails has reinforced government and industry involvement with bug bounties. Government agencies have stepped up to …