A prominent cybersecurity executive is calling on the U.S. government to resist the urge to match China’s reported mandates around early vulnerability disclosure, warning that such a move would “meaningfully and dramatically increase the risk” of zero-day flaws landing in the wrong hands.
Software giant Microsoft has open-sourced its internal tool for generating SBOMs (software bill of materials) as part of a move to help organizations be more transparent about supply chain relationships between components used when building a software product.
Microsoft has issued an urgent Patch Tuesday bulletin to warn of in-the-wild zero-day exploitation of a privilege escalation flaw in the Windows operating system.
Software maker Adobe has rolled out a major security update for its flagship Acrobat and Reader products to fix at least 22 documented vulnerabilities, some serious enough to cause arbitrary code execution attacks.
Cybersecurity firm Emsisoft has released free decryptor tools for AstraLocker, a “smash-and-grab” ransomware family that was recently retired.
Election officials preparing for the upcoming midterms face a myriad of threats, both foreign and domestic, as they look to protect voting systems and run a smooth election while fighting a wave of misinformation that has been undermining public confidence in U.S. elections.
OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks.
The vulnerability, tracked as CVE-2022-2274, was introduced in OpenSSL 3.0.4 and could potentially allow malicious hackers to launch remote code attacks on unpatched SSL/TLS server side devices.
Faced with a surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple plans to add a new ‘Lockdown Mode’ that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploits.
Security researchers at ReversingLabs are warning of a “significant escalation in software supply chain attacks” after discovering more than two dozen malicious NPM packages siphoning user data from mobile and desktop applications.
The United States Department of Defense (DoD) has launched a one-week bug bounty program to reward researchers who find high- and critical-severity vulnerabilities in publicly accessible assets owned by the DoD.
Impostazioni privacy
Questo sito utilizza i cookie per migliorare la tua esperienza di navigazione su questo sito.
