High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models

June 20, 2024 at 05:10PM A critical vulnerability, CVE-2024-0762 “UEFIcanhazbufferoverflow,” affecting Intel processors has been detailed by Eclypsium researchers. The flaw in UEFI firmware may allow attackers to gain unauthorized access and execute malicious code. The widespread impact on various PC models running SecureCore firmware adds complexity to patching efforts, leaving organizations vulnerable until fixes … Read more

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

June 20, 2024 at 10:58AM Cybersecurity researchers have disclosed a now-patched security flaw in Phoenix SecureCore UEFI firmware affecting multiple Intel Core processor families. Tracked as CVE-2024-0762 with a CVSS score of 7.5, the “UEFIcanhazbufferoverflow” vulnerability allowed a local attacker to execute malicious code within the firmware, impacting devices using Phoenix SecureCore firmware on select … Read more

Process to Verify Software Was Built Securely Begins Today

June 12, 2024 at 03:30PM Starting June 11, US government contractors must submit a Secure Software Development Attestation Form, confirming adherence to secure-by-design principles and scrutiny of software components through software bills of material (SBOMs). Only 20% of respondents are prepared for this federal cybersecurity attestation, with 16% incorporating SBOMs into their software development. Other … Read more

Cyber Landscape is Evolving – So Should Your SCA

June 7, 2024 at 08:06AM Summary: Traditional Software Composition Analysis (SCA) tools struggle to provide comprehensive security for software supply chains, leading to alert fatigue and leaving organizations vulnerable. Myrror Security’s guide offers insights into the limitations of current SCA tools and the features needed in future software supply chain security solutions to combat emerging … Read more

EV Manufacturer BYD Selects Karamba Security to Meet Global Automotive Cybersecurity Regulations

June 5, 2024 at 04:00PM Karamba Security announced that BYD, a major EV manufacturer, has adopted its VCode software to create a Software Bill of Materials (SBOM) for electronic control units, enhance supply-chain security, and meet cybersecurity regulation UN R155. The tool aims to help manufacturers identify and address cybersecurity issues before production and comply … Read more

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

May 21, 2024 at 07:09AM A critical security flaw in the llama_cpp_python Python package (CVE-2024-34359, codenamed Llama Drama) allows threat actors to execute arbitrary code, posing a risk to data and operations. Another high-severity flaw in Mozilla’s PDF.js library permits JavaScript execution in the PDF.js context. Both issues have been addressed in recent software updates. … Read more

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

April 30, 2024 at 06:49AM The U.S. government has issued new security guidelines to protect critical infrastructure from AI-related threats. Emphasizing responsible and safe AI usage, the guidelines address the potential risks associated with AI systems and recommend measures such as risk management, secure deployment environment, and identifying AI dependencies. The focus is on protecting … Read more

2023: A ‘Good’ Year for OT Cyberattacks

April 24, 2024 at 10:26AM Waterfall Security Solutions and ICS Strive’s “2024 Threat Report” notes a 19% increase in cyberattacks causing physical consequences, with 68 attacks recorded in 2023. Despite the increase, ransomware attacks with physical impact decreased slightly, while hacktivist attacks remained constant. The report’s cautious approach, focusing on public disclosures, likely underestimates the … Read more

Singapore infosec boss warns China/West tech split will be bad for interoperability

April 18, 2024 at 01:41AM Singapore’s Cyber Security Administration chief, David Koh, highlights concerns about potential tech stack divisions between China and the West, affecting the country’s open economy. He fears a split in tech could disrupt trade and supply chain security. Despite Singapore’s strong cyber security, Koh laments limited influence in setting global tech … Read more

Identifying third-party risk

April 15, 2024 at 04:06AM Webinar featuring Andy Grayland, CISO at Silobreaker, will address the rising third-party risk in busy supply chains. It focuses on the importance of protecting against cyber threats posed by third-party partners and how to use threat intelligence to identify and mitigate risks. The webinar will be held on 18 April. … Read more