Practical Guidance For Securing Your Software Supply Chain

June 26, 2024 at 06:57AM Software-producing organizations are facing increasing regulatory and legal pressure to secure their supply chains and protect their software integrity. The software supply chain has become a prime target for attackers, as seen in the Log4j breach. To address these security challenges, organizations should consider various measures, including governing the software …

High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models

June 20, 2024 at 05:10PM A critical vulnerability, CVE-2024-0762 “UEFIcanhazbufferoverflow,” affecting Intel processors has been detailed by Eclypsium researchers. The flaw in UEFI firmware may allow attackers to gain unauthorized access and execute malicious code. The widespread impact on various PC models running SecureCore firmware adds complexity to patching efforts, leaving organizations vulnerable until fixes …

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

June 20, 2024 at 10:58AM Cybersecurity researchers have disclosed a now-patched security flaw in Phoenix SecureCore UEFI firmware affecting multiple Intel Core processor families. Tracked as CVE-2024-0762 with a CVSS score of 7.5, the “UEFIcanhazbufferoverflow” vulnerability allowed a local attacker to execute malicious code within the firmware, impacting devices using Phoenix SecureCore firmware on select …

Process to Verify Software Was Built Securely Begins Today

June 12, 2024 at 03:30PM Starting June 11, US government contractors must submit a Secure Software Development Attestation Form, confirming adherence to secure-by-design principles and scrutiny of software components through software bills of materials (SBOMs). Only 20% of respondents are prepared for this federal cybersecurity attestation, with 16% incorporating SBOMs into their software development. Other …

Cyber Landscape is Evolving – So Should Your SCA

June 7, 2024 at 08:06AM Traditional Software Composition Analysis (SCA) tools struggle to provide comprehensive security for software supply chains, leading to alert fatigue and leaving organizations vulnerable. Myrror Security’s guide offers insights into the limitations of current SCA tools and the features needed in future software supply chain security solutions to combat emerging …

EV Manufacturer BYD Selects Karamba Security to Meet Global Automotive Cybersecurity Regulations

June 5, 2024 at 04:00PM Karamba Security announced that BYD, a major EV manufacturer, has adopted its VCode software to create a Software Bill of Materials (SBOM) for electronic control units, enhance supply-chain security, and meet cybersecurity regulation UN R155. The tool aims to help manufacturers identify and address cybersecurity issues before production and comply …

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

May 21, 2024 at 07:09AM A critical security flaw in the llama_cpp_python Python package (CVE-2024-34359, codenamed Llama Drama) allows threat actors to execute arbitrary code, posing a risk to data and operations. Another high-severity flaw in Mozilla’s PDF.js library permits JavaScript execution in the PDF.js context. Both issues have been addressed in recent software updates. …

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

April 30, 2024 at 06:49AM The U.S. government has issued new security guidelines to protect critical infrastructure from AI-related threats. Emphasizing responsible and safe AI usage, the guidelines address the potential risks associated with AI systems and recommend measures such as risk management, secure deployment environment, and identifying AI dependencies. The focus is on protecting …

2023: A ‘Good’ Year for OT Cyberattacks

April 24, 2024 at 10:26AM Waterfall Security Solutions and ICS Strive’s “2024 Threat Report” notes a 19% increase in cyberattacks causing physical consequences, with 68 attacks recorded in 2023. Despite the increase, ransomware attacks with physical impact decreased slightly, while hacktivist attacks remained constant. The report’s cautious approach, focusing on public disclosures, likely underestimates the …

Singapore infosec boss warns China/West tech split will be bad for interoperability

April 18, 2024 at 01:41AM Singapore’s Cyber Security Administration chief, David Koh, highlights concerns about potential tech stack divisions between China and the West, affecting the country’s open economy. He fears a split in tech could disrupt trade and supply chain security. Despite Singapore’s strong cyber security, Koh laments limited influence in setting global tech …