MITRE shares 2024’s top 25 most dangerous software weaknesses

November 20, 2024 at 03:43PM MITRE released its annual list of the top 25 most common software weaknesses, highlighting the flaws behind 31,000 vulnerability disclosures from June 2023 to June 2024. These weaknesses can be exploited by attackers to gain control over systems or steal data. Organizations are encouraged to prioritize addressing them in their security strategies. …

Jen Easterly, CISA Director, to Step Down on Inauguration Day

November 18, 2024 at 03:56PM Jen Easterly, director of CISA, will resign on Inauguration Day as part of the transition to a Trump administration. During her tenure, she addressed significant cybersecurity incidents, including the Colonial Pipeline attack, and implemented new initiatives. Future plans for CISA remain uncertain amid calls from Republicans to restrict its mission. …

DHS Releases Secure AI Framework for Critical Infrastructure

November 18, 2024 at 08:33AM The U.S. Department of Homeland Security issued voluntary recommendations for securely developing and deploying AI in critical infrastructure. The "Roles and Responsibilities Framework" assigns responsibilities to all supply chain participants, focusing on security, governance, and model design. It aims to enhance AI system safety and transparency while adapting to evolving …

Five Eyes infosec agencies list 2024’s most exploited software flaws

November 14, 2024 at 03:40AM The UK, US, Canada, Australia, and New Zealand's cybersecurity agencies released their annual list of the 15 most exploited vulnerabilities, noting an increase in zero-day exploitation. Top entries include vulnerabilities in Citrix, Cisco, and Fortinet products, emphasizing the need for prompt patching and secure product design to strengthen network defenses. …

The Power of the Purse: How to Ensure Security by Design

November 12, 2024 at 10:03AM CISA's Secure by Design pledge, aimed at improving cybersecurity in software companies, is voluntary and lacks regulatory enforcement, raising concerns about its effectiveness. With data breaches on the rise, a more aggressive governmental approach, including mandatory compliance measures similar to the EU's standardization efforts, is necessary to ensure robust cybersecurity. …

Google Cloud to Enforce MFA on Accounts in 2025

November 6, 2024 at 07:17PM Google will mandate multi-factor authentication (MFA) for all Google Cloud users by the end of 2025, beginning a phased rollout this month. The requirement aims to enhance account security, although general consumer accounts are exempt. Similar measures are being adopted across the industry, but MFA alone is not infallible against threats. …

‘Shift Left’ Gets Pushback, Triggers Security Soul Searching

October 25, 2024 at 07:17AM The Cybersecurity and Infrastructure Security Agency (CISA) questions the claim that fixing software vulnerabilities is 100 times more expensive once software is in production. Agile development may lessen this cost, suggesting that shifting security responsibilities to developers, while important, needs a balanced approach. The emphasis should be on integrating security throughout the development …

Memory-Safe Code Adoption Has Made Android Safer

September 26, 2024 at 05:19PM The number of memory-related vulnerabilities in Android has decreased significantly over the past five years, attributed to Google's use of memory-safe languages like Rust. Memory safety issues now account for only 24% of all Android vulnerabilities, down from 76% in 2019. This shift has been credited to Google's secure-by-design approach …

Google Sees Drop in Memory Safety Bugs in Android as Code Matures

September 26, 2024 at 09:19AM Google's secure-by-design approach to code development has led to a significant reduction in memory safety vulnerabilities in Android and Chrome. The adoption of memory-safe programming languages like Rust has reduced the number of memory safety bugs in Android, lowering the overall security risk to users. This proactive approach marks …

Google sees 68% drop in Android memory safety flaws over 5 years

September 25, 2024 at 03:34PM The drop in the share of Android vulnerabilities caused by memory safety issues, from 76% in 2019 to 24% in 2024, highlights Google's adoption of memory-safe languages like Rust. The strategy retains older code with minimal changes limited to security fixes, while prioritizing memory-safe languages for new code. Google emphasizes proactive prevention over …