The European Union’s digital policy chief warned TikTok’s boss Thursday that the social media app will have to fall in line with tough new rules for online platforms set to take effect later this year.
Chainguard Trains Spotlight on SBOM Quality Problem
Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.
Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.
Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List
The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical — and already exploited — security vulnerability in the widely used CentOS Control Web Panel utility.
18k Nissan Customers Affected by Data Breach at Third-Party Software Developer
Nissan North America is informing roughly 18,000 customers that their personal information was exposed in a data breach at a third-party services provider.
The breach occurred after data provided by Nissan to the services provider was inadvertently exposed on the internet, the company notes in a notification letter sent to the impacted customers.
Bill Would Force Period Tracking Apps to Follow Privacy Laws
When the Supreme Court last June stripped away constitutional protections for abortion, concerns grew over the use of period tracking apps because they aren’t protected by federal privacy laws.
Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Attacks
Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.
Tesla Returns as Pwn2Own Hacker Takeover Target
Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise.
Threema Under Fire After Downplaying Security Research
The developers of the open source secure messaging app Threema have come under fire over their public response to a security analysis conducted by researchers at the Swiss university ETH Zurich.
Investors Bet Big on Subscription-Based Security Skills Training
Hack The Box, a British startup working on technology to simplify cybersecurity skills training, has banked a $55 million funding round as venture capital investors place big bets on the subscription-based talent assessment space.