Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products

October 29, 2024 at 05:37AM Apple has launched security updates for iOS 18 and macOS Sequoia 15, fixing over 70 vulnerabilities. These updates enhance the security of various Apple products. **Meeting Takeaways:** 1. **Security Updates Released**: Apple has issued security updates for both iOS 18 and macOS Sequoia 15. 2. **Purpose of Updates**: These updates …

US, Australia Release New Security Guide for Software Makers

October 25, 2024 at 08:46AM CISA, FBI, and ACSC have released guidance aimed at assisting software manufacturers in creating secure deployment processes. This new security guide aims to strengthen the safety and reliability of software applications. The information was shared in a report by SecurityWeek. **Meeting Takeaways:** 1. **Publication of Guidance**: CISA (Cybersecurity and Infrastructure …

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

October 22, 2024 at 10:30AM A recently patched vulnerability in Styra’s Open Policy Agent (CVE-2024-8260) could have allowed attackers to leak NTLM credentials, enabling authentication relay or password cracking. Proper input validation issues and specific prerequisites were identified. This highlights the ongoing risks associated with NTLM, prompting Microsoft to plan its retirement in Windows 11. …

The billionaire behind Trump’s ‘unhackable’ phone is on a mission to fight Tesla’s FSD

October 21, 2024 at 03:38PM Dan O’Dowd, founder of Green Hills Software, has developed an “unhackable” operating system, Integrity-178B, for secure communications, used by Trump and the military. He also critiques Tesla’s self-driving technology, calling it dangerous. O’Dowd previously ran for the Senate to address autonomous vehicle safety, gaining media attention and support. ### Meeting …

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 – Oct 20)

October 21, 2024 at 08:24AM This week’s cybersecurity recap highlights increasing hacker tactics targeting seemingly secure systems while security experts develop advanced protective measures. Notable incidents include Apple’s macOS flaw and the weaponization of legitimate tools. Keeping devices updated is essential for protection. The FIDO Alliance aims to enhance passkey transfer across platforms. ### Meeting …

CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance

October 17, 2024 at 12:08PM CISA and the FBI are seeking public feedback on new guidance addressing poor software security practices. The initiative aims to enhance security measures and raise awareness of risky behaviors in software development. **Meeting Takeaways:** 1. **Request for Public Comment**: CISA (Cybersecurity and Infrastructure Security Agency) and the FBI are soliciting …

About the security content of macOS Monterey 12.7.6 – Apple Support

October 15, 2024 at 02:03PM Apple released a security update for macOS Monterey 12.7.6 on July 29, 2024, addressing multiple vulnerabilities. Key improvements include enhanced data access restrictions, memory handling, and input validation. These changes mitigate risks of sensitive data leakage, unexpected app termination, and unauthorized access, significantly improving system security. ### Meeting Notes Takeaways …

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

October 7, 2024 at 05:57AM A critical security flaw (CVE-2024-47561) in Apache Avro Java SDK prior to 1.11.4 allows execution of arbitrary code, impacting large-scale data processing. Users are advised to upgrade to version 1.11.4 or 1.12.0. Vulnerability exists in deserializing input via Avro schema, affecting organizations mainly in the US. Mitigations include sanitizing schemas …

Moving DevOps Security Out of ‘the Stone Age’

October 1, 2024 at 10:09AM The integration of software development, deployment, and operations into DevOps teams promises increased efficiency and better application quality, but complex infrastructure has led to a growing attack surface. Organizations struggle with numerous programming languages, new packages, and security concerns. Cybersecurity professionals need to focus on securing the entire DevOps pipeline …

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

September 27, 2024 at 12:42PM Progress Software has addressed six security flaws in WhatsUp Gold, including two critical vulnerabilities, through updates in version 24.0.1. The CVE identifiers for the flaws and their respective CVSS scores have been listed. Security researcher Sina Kheirkhah and others have been credited with discovering and reporting the flaws. Users are …