Vulnerabilities

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

Posted on by Admin
Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Microsoft patches leaky CLFS CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log…

Read More

US Sanctions Chinese Cybersecurity Firm for Ransomware Attack

Posted on by Admin
US Sanctions Chinese Cybersecurity Firm for Ransomware Attack

The U.S. has sanctioned Sichuan Silence, a Chinese cybersecurity firm involved in ransomware attacks targeting critical infrastructure in 2020. One of its employees, Guan Tianfeng, has also been charged individually. Guan, a security researcher, discovered a zero-day vulnerability in a firewall product developed by U.K.-based security firm Sophos. He exploited the vulnerability, designated CVE 2020-12271, using a SQL injection attack that retrieved and remotely executed a script from a malicious server. Guan and his co-conspirators…

Read More

Products Of The Year 2024: The Finalists

Posted on by Admin
Products Of The Year 2024: The Finalists

CRN staff compiled the top partner-friendly products that launched or were significantly updated over the last year. Now it’s up to solution providers to choose the winners. Application Performance and Observability As more applications run in hybrid-cloud and multi-cloud environments, maintaining application performance has becoming a more complex task. Application performance management and observability tools help IT organizations maintain the health, performance and user experience of business applications, according to market researcher Gartner. Such tools…

Read More

Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Posted on by Admin
Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Patches deployed for dependency vulnerabilities cause breakages 75% of the time, a new report has revealed. Minor updates were found to break clients 94% of the time, and for version upgrades this was 95%. Software dependencies — the external code or libraries that a project requires to function properly — are notoriously difficult to manage during application development. Remediating vulnerabilities in dependencies requires a major version update 24% of the time. “Seemingly the most straight-forward…

Read More

OpenAI's GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities

Posted on by Admin
OpenAI's GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities

The GPT-4 large language model from OpenAI can exploit real-world vulnerabilities without human intervention, a new study by University of Illinois Urbana-Champaign researchers has found. Other open-source models, including GPT-3.5 and vulnerability scanners, are not able to do this. A large language model agent — an advanced system based on an LLM that can take actions via tools, reason, self-reflect and more — running on GPT-4 successfully exploited 87% of “one-day” vulnerabilities when provided with…

Read More

Google Cloud's Nick Godfrey Talks Security, Budget and AI for CISOs

Posted on by Admin
Google Cloud's Nick Godfrey Talks Security, Budget and AI for CISOs

Image: Adobe/Sundry Photography As senior director and global head of the office of the chief information security officer (CISO) at Google Cloud, Nick Godfrey oversees educating employees on cybersecurity as well as handling threat detection and mitigation. We conducted an interview with Godfrey via video call about how CISOs and other tech-focused business leaders can allocate their finite resources, getting buy-in on security from other stakeholders, and the new challenges and opportunities introduced by generative…

Read More

Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Posted on by Admin
Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Google’s Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts. Image: Markus Mainka/Adobe Stock Google expanded its Vulnerability Rewards Program to include bugs and vulnerabilities that could be found in generative AI. Specifically, Google is looking for bug hunters for its own generative AI, products such as Google Bard, which is available in many countries, or Google Cloud’s Contact Center AI, Agent Assist….

Read More

FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang

Posted on by Admin
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang

Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang. Background The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding the MOVEit Transfer vulnerabilities and the CL0P ransomware gang. FAQ What is MOVEit Transfer? MOVEit Transfer is a secure managed file transfer (MFT) software made by Progress Software that provides a centralized solution for a variety of…

Read More
1 2 3