Thomas Brewster, Forbes Staff. Senior writer at Forbes covering cybercrime, privacy and surveillance. Dec 17, 2024, 09:36am EST. Updated Dec 17, 2024, 03:24pm EST. The Wiretap is your weekly diges
Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reporte
By Paweł Płatek In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and pote
By Matt Schwager and Travis Peters We are publishing another set of custom Semgrep rules, bringing our total number of public rules to 115. This blog post will briefly cover the new rules, then explor
By Boyan Milanov We’ve developed a new hybrid machine learning (ML) model exploitation technique called Sleepy Pickle that takes advantage of the pervasive and notoriously insecure Pickle file format
By Matt Schwager and Sam Alws We are publishing a set of 30 custom Semgrep rules for Ansible playbooks, Java/Kotlin code, shell scripts, and Docker Compose configuration files. These rules were create
By Dominik Klemba and Dominik Czarnota This post will guide you through using AddressSanitizer (ASan), a compiler plugin that helps developers detect memory issues in code that can lead to remote code
By Matt Schwager Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input. In
By Artur Cygan Fuzzing—one of the most successful techniques for finding security bugs, consistently featured in articles and industry conferences—has become so popular that you may think most importa
Robert Lemos, Contributing Writer. December 18, 2023. 5 Min Read. Source: Zakharchuk via Shutterstock. When videoconferencing service Zoom searched for a better way to assign a severity to vulnerabilities
Image: Laura Normand / The Verge Microsoft is overhauling its security processes after a series of high-profile attacks in recent years. Security is now Microsoft’s “top priority,” the company outline
Forty percent of cyber teams have not reported a cyber incident out of fear of losing their jobs, a new report has shown. This signifies a serious underreporting of cyber breaches globally, cybersecur
Amazon has confirmed that employee data was compromised after a “security event” at a third-party vendor. In a statement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed th
I recently compared the stats from LinkedIn and X (formerly Twitter) for one of my more popular posts. In the first 24 hours of that post, X accumulated 304 impressions from 8,426 followers, and Linke
Filed by Franco Belman (0xFBFBFBFB) on October 15, 2024 While performing a security audit, I discovered a file format vulnerability that took me down an unexpected rabbit hole. The bug was fairly stra
It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser. Mozilla said CVE-2024-9680 is a use-after-free issue in Animation tim
A CrowdStrike senior executive apologized for causing a global software outage that ground the operations of hospitals, airports, payment systems and personal computers around the world to a halt in J
On Tuesday, Sept. 10, we hosted the Windows Endpoint Security Ecosystem Summit. This forum brought together a diverse group of endpoint security vendors and government officials from the U.S. and Euro
We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surpri
Planned Parenthood of Montana's chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and reb
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. In sextortion emails, scammers pre
The Justice Department is suing the Georgia Institute of Technology and an affiliate company, claiming they failed to meet the cybersecurity standards required for obtaining Pentagon contracts. The U.
Chinese government-backed hackers have penetrated deep into U.S. internet service providers in recent months to spy on their users, according to people familiar with the ongoing American response and
S1REN: Breaking out of a restricted shell. Spawn a valid tty. ::Teletype Out of the gate. python -c 'import pty; pty.spawn("/bin/bash")' OR python3 -c 'import pty; pty.spawn("/bin/bash")' export PATH=/u
Pavel Durov was born in Russia and now lives in Dubai, where Telegram is based. He holds dual citizenship of the United Arab Emirates and France. Telegram is particularly popular in Russia, Ukraine an
CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical information abo
Google's flagship Pixel smartphone line touts security as a centerpiece feature, offering guaranteed software updates for seven years and running stock Android that's meant to be free of third-party a
July 31 (Reuters) - CrowdStrike (CRWD.O) has been sued by shareholders who said the cybersecurity company defrauded them by concealing how its inadequate software testing could cause th
The Heritage Foundation’s nearly 1,000-page Project 2025 report is what the conservative DC-based think tank hails as a game plan for Donald Trump to follow in running the US government if he wins in
Stu Sjouwerman 23 Jul Incident Report Summary: Insider Threat First of all: No illegal access was gained, and no data was lost or compromised on any KnowBe4 systems. TLDR: KnowBe4 needed a software en
FACEPALM GOES HERE Secure Boot is completely broken on 200+ models from 5 big device makers Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway. Dan Goodin – Jul 25, 2024 2:00 p
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Re
The cybersecurity firm Wiz has turned down a $23bn (£18bn) takeover bid from Google’s parent, Alphabet, spurning what would have been the tech company’s biggest ever acquisition and seeking a stock ma
Bitdefender Enterprise July 02, 2024 The cybersecurity industry is facing significant challenges these days. According to the 2024 Cybersecurity Assessment industry report, nearly two-thirds of respon
CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade – the
Introduction & Overview Ollama is one of the most popular open-source projects for running AI Models, with over 70k stars on GitHub and hundreds of thousands of monthly pulls on Docker Hub. Inspired b
We have Mark Dowd on, founder of Azimuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchim