Products Of The Year 2024: The Finalists

CRN staff compiled the top partner-friendly products that launched or were significantly updated over the last year. Now it’s up to solution providers to choose the winners.

Application Performance and Observability

As more applications run in hybrid-cloud and multi-cloud environments, maintaining application performance has become a more complex task. Application performance management and observability tools help IT organizations maintain the health, performance and user experience of business applications, according to market researcher Gartner. Such tools…

Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Patches deployed for dependency vulnerabilities cause breakages 75% of the time, a new report has revealed. Minor updates were found to break clients 94% of the time, and for version upgrades this was 95%. Software dependencies — the external code or libraries that a project requires to function properly — are notoriously difficult to manage during application development. Remediating vulnerabilities in dependencies requires a major version update 24% of the time. “Seemingly the most straight-forward…

OpenAI's GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities

The GPT-4 large language model from OpenAI can exploit real-world vulnerabilities without human intervention, a new study by University of Illinois Urbana-Champaign researchers has found. Other open-source models, including GPT-3.5 and vulnerability scanners, are not able to do this. A large language model agent — an advanced system based on an LLM that can take actions via tools, reason, self-reflect and more — running on GPT-4 successfully exploited 87% of “one-day” vulnerabilities when provided with…

Google Cloud's Nick Godfrey Talks Security, Budget and AI for CISOs

As senior director and global head of the office of the chief information security officer (CISO) at Google Cloud, Nick Godfrey oversees educating employees on cybersecurity as well as handling threat detection and mitigation. We conducted an interview with Godfrey via video call about how CISOs and other tech-focused business leaders can allocate their finite resources, getting buy-in on security from other stakeholders, and the new challenges and opportunities introduced by generative…

Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Google’s Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.

Google expanded its Vulnerability Rewards Program to include bugs and vulnerabilities that could be found in generative AI. Specifically, Google is looking for bug hunters for its own generative AI, products such as Google Bard, which is available in many countries, or Google Cloud’s Contact Center AI, Agent Assist….

FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang

Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.

Background

The Tenable Security Response Team has put together this blog to answer frequently asked questions (FAQ) regarding the MOVEit Transfer vulnerabilities and the CL0P ransomware gang.

FAQ

What is MOVEit Transfer?

MOVEit Transfer is a secure managed file transfer (MFT) software made by Progress Software that provides a centralized solution for a variety of…

An Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch

Researchers warned last weekend that a flaw in Microsoft’s Support Diagnostic Tool could be exploited using malicious Word documents to remotely take control of target devices. Microsoft released guidance on Monday, including temporary defense measures. By Tuesday, the United States Cybersecurity and Infrastructure Security Agency had warned that “a remote, unauthenticated attacker could exploit this vulnerability,” known as Follina, “to take control of an affected system.” But Microsoft would not say when or whether a…
