Memory-Safe Code Adoption Has Made Android Safer

September 26, 2024 at 05:19PM
The number of memory-related vulnerabilities in Android has significantly decreased over the past five years, attributed to Google’s use of memory-safe languages like Rust. Memory safety issues now only account for 24% of all Android vulnerabilities, down from 76% in 2019. This shift has been credited to Google’s secure-by-design approach …

Google Sees Drop in Memory Safety Bugs in Android as Code Matures

September 26, 2024 at 09:19AM
Google’s secure-by-design approach to code development has led to a significant reduction in memory safety vulnerabilities in Android and Chrome. The adoption of memory-safe programming languages like Rust has resulted in a decrease in memory safety bugs in Android, reducing the overall security risk to users. This proactive approach marks …

Google sees 68% drop in Android memory safety flaws over 5 years

September 25, 2024 at 03:34PM
The shift in Android vulnerabilities caused by memory safety issues from 76% in 2019 to 24% in 2024 highlights Google’s adoption of memory-safe languages like Rust. This strategy retains older code with minimal changes focused on security fixes, while prioritizing new code in memory-safe languages. Google emphasizes proactive prevention over …

Ivanti patches exploited admin command execution flaw

September 20, 2024 at 11:37AM
The US Cybersecurity and Infrastructure Security Agency (CISA) has added the latest Ivanti weakness, a path traversal flaw, to its Known Exploited Vulnerabilities catalog. This came after a string of high-profile path traversal bugs affecting IT vendors. Ivanti has released a fix for the critical severity bug affecting its Cloud …

CISA boss: Makers of insecure software are the real cyber villains

September 19, 2024 at 08:37PM
Jen Easterly, head of the US government’s Cybersecurity and Infrastructure Security Agency, emphasizes that software vendors are to blame for cyber attacks due to shipping faulty code. She encourages the industry to stop glamorizing cyber crime and demands better quality, secure products. Easterly calls for using procurement power to pressure …

CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities

September 18, 2024 at 08:24AM
CISA and the FBI issued a Secure by Design alert highlighting the prevalence of cross-site scripting (XSS) vulnerabilities. They urge organizations to eliminate XSS flaws by validating and sanitizing user input, implementing additional security measures, conducting code reviews, and using modern web frameworks. The agencies also recommend implementing secure by …

CISA urges software devs to weed out XSS vulnerabilities

September 17, 2024 at 12:46PM
CISA and the FBI advised technology manufacturers to review software for cross-site scripting vulnerabilities before shipping and to implement secure-by-design practices to eliminate such flaws entirely. They recommended input validation, output encoding functions, code reviews, and adversarial testing to prevent XSS vulnerabilities in future software releases. This warning is part of …

Human Nature Is Causing Our Cybersecurity Problem

August 19, 2024 at 10:07AM
Cyberattacks have become the biggest threat to businesses, despite significant consequences. The human tendency to procrastinate, known as temporal discounting, leads to the delay in adopting modern security practices. Governments can combat this by enforcing penalties and regulations, similar to the automotive and food safety industries. Furthermore, guidance like automatic …

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

August 2, 2024 at 07:00AM
Enterprise Resource Planning (ERP) software, including the open-source framework OFBiz, faces critical security vulnerabilities, as demonstrated by the exploitation of a directory traversal flaw. The SANS Internet Storm Center reported an increase in exploit attempts, with attackers targeting OFBiz using the Mirai botnet. The vulnerabilities pose a threat to sensitive …

Alex Stamos Named CISO at SentinelOne

August 1, 2024 at 12:12PM
SentinelOne has appointed Alex Stamos as its new Chief Information Security Officer (CISO). With a background at Yahoo and Facebook, Stamos aims to prioritize security over profit, referencing the dangers of upselling in the industry. The decision reflects SentinelOne’s commitment to a security-first approach in the face of increasing cyber …