December 20, 2023 at 08:27PM The perpetual battle between IT security improvements and evolving attacker exploits has traditionally focused on software advancements. However, emerging hardware security technologies, particularly advanced instruction set architecture (ISA) extensions, have the potential to revolutionize IT security. Collaborative open-source efforts are driving progress in this area and will play a crucial … Read more
December 20, 2023 at 08:19PM Evolution of IT security presents a dynamic battleground between software sophistication and hardware advancements. While software remains the primary focus, emerging hardware technologies, such as advanced instruction set architecture (ISA) extensions, promise groundbreaking contributions to IT security capabilities. Open source technologies, like Capability Hardware Enhanced RISC Instructions (CHERI), exemplify the … Read more
December 18, 2023 at 01:24AM The U.S. CISA stresses eliminating default passwords on internet-exposed systems due to severe risks exploited by Iranian threat actors. Mitigation measures include utilizing unique setup passwords or enabling multi-factor authentication. CISA advises strong passwords, network segregation, and encryption to enhance security. Additionally, recommendations for hardening software supply chains have been … Read more
December 15, 2023 at 09:54AM SecurityWeek’s weekly cybersecurity roundup offers a concise compilation of notable stories, covering topics like Chinese APT hacking, Ukraine’s server destruction, cryptocurrency theft, ransomware gang arrests, vulnerabilities, and software patches. It also highlights industry news such as Dragos CEO joining DataTribe and the launch of 5th Gen Intel Xeon processors with … Read more
December 15, 2023 at 08:18AM Ledger, a crypto hardware wallet maker, faced a security breach after former employee fell victim to a phishing attack, leading to theft of $600,000 in virtual assets. Malicious code from the compromised npm account was used to propagate crypto drainer malware to other applications. Ledger has since removed the malicious … Read more
December 13, 2023 at 11:22AM Hackers are targeting a recently patched critical vulnerability (CVE-2023-50164) in Apache Struts, leading to remote code execution. Shadowserver reported limited exploitation attempts. Apache Struts is widely used in various sectors for web app development. A path traversal flaw in the recent versions could lead to unauthorized access, data theft, and … Read more
December 11, 2023 at 07:48AM The Apache Software Foundation released security updates addressing a critical file upload vulnerability in Struts 2, which could be exploited to execute arbitrary code remotely. Tracked as CVE-2023-50164, the flaw impacts Struts versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.32, and 6.0.0 to 6.3.0. The vulnerability was patched in Struts versions … Read more
December 7, 2023 at 06:06AM Threat intelligence is essential in cybersecurity, enabling proactive defense, informed decision-making, and global threat awareness. Wazuh, an open-source security platform, enhances threat intelligence by integrating threat feeds, enriching data, and providing tools to create IoCs and custom detection rules, aiding organizations in effectively responding to cyber threats. Clear Takeaways from … Read more
December 6, 2023 at 11:41AM At Black Hat Europe 2023, a team from Microsoft, GitHub, and Banco Santander unveiled open source tools to detect weak cryptography, urging updates for quantum computing security. Their study found widespread use of outdated algorithms like RSA and SHA-1 in open source projects. The tools enable developers to assess and … Read more
November 30, 2023 at 06:06AM Google’s new RETVec, a multilingual text vectorizer, has improved Gmail’s spam detection by 38%, reducing false positives/negatives while enhancing performance. RETVec, efficient and resilient, requires no text preprocessing, works with all languages, and is now open source with a tutorial available. Takeaways from the Meeting Notes: 1. Google has developed … Read more